Re: h2 bad requests
Hi Lucas, On 2017-12-28 22:38, Lucas Rolff wrote: Hi Sander, Which exact browser version do you use? There’s an ongoing thread already (https://www.mail-archive.com/haproxy@formilux.org/msg28333.html ) regarding the same issue. I just noticed and was reading up. I can reproduce this problem on Firefox Quantum 57.0.3, Chrome 63.0.3239.84, Safari 11.0.2. All on OSX 10.12.6. It only happens when I post something, but not every time, which makes it a bit fishy. Greets, Sander 0x2E78FBE8.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: h2 bad requests
Hi Sander, Which exact browser version do you use? There’s an ongoing thread already (https://www.mail-archive.com/haproxy@formilux.org/msg28333.html ) regarding the same issue. Best Regards, Lucas Rolff
h2 bad requests
Hi, I'm playing around with http2 on haproxy 1.8.2 but when I enable it I get HTTP 400's on some requests. When sending a show errors to the admin socket I get no errors at all. Disabling http2 makes the rror go away. The logfile shows: Dec 28 22:09:02 hostname haproxy[23043]: x.x.x.x:58219 [28/Dec/2017:22:09:02.066] web~ nginx/nginx 0/0/2/-1/10 400 188 - - CH-- 4/2/0/0/0 0/0 {something.nl|Mo zilla/5.0 (Mac|1695|https://something.nl/some/path/?_lala=option&_another=option} {} "POST /some/path/?_task=doit&_action=dothisaction HTTP/1.1" I'm looking for a way to troubleshoot this. My config looks like: global log /dev/loglocal0 log /dev/loglocal1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon ssl-default-bind-options no-sslv3 no-tls-tickets ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-server-options no-sslv3 no-tls-tickets ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-server-verify none tune.ssl.default-dh-param 4096 defaults log global modehttp option httplog option dontlognull timeout connect 5000 timeout client 5 timeout server 5 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend web bind x.x.x.x:80 bind x.x.x.x:443 ssl crt /etc/haproxy/SSL/ strict-sni alpn h2,http/1.1 bind :xxx::xxx::1:80 bind :xxx::xxx::1:443 ssl crt /etc/haproxy/SSL/ strict-sni alpn h2,http/1.1 mode http maxconn 4096 option httplog option splice-auto capture request header Host len 64 capture request header User-Agent len 16 capture request header Content-Length len 10 capture request header Referer len 256 capture response header Content-Length len 10 acl in_badstuff url_reg -i -f /etc/haproxy/filters/badstuff.reg acl in_badstuff url_sub -i -f /etc/haproxy/filters/phpmyadmin.txt acl in_badstuff hdr_sub(referer) -i -f /etc/haproxy/filters/referrer.txt acl is_host_falco hdr_sub(Host) -i somehost.nl use_backend badstuff if in_badstuff use_backend nginx-plain if !{ ssl_fc } use_backend nginx backend nginx fullconn 128 mode http option abortonclose option http-keep-alive server nginx 127.0.0.1:443 ssl cookie nginx send-proxy backend nginx-plain fullconn 128 mode http option abortonclose option http-keep-alive server nginxplain 127.0.0.1:80 cookie nginx-plain send-proxy backend badstuff mode http errorfile 503 /etc/haproxy/errors/503.http Greets, Sander 0x2E78FBE8.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature