Hi, everybody! I'm facing an issue with a somewhat weird/broken client and I'm looking for some advise on it.
The client opens a HTTPS session and sends its request (POST data in my case). The HTTPS part is fine. The POST data is small, so it fits into a single TCP packet, which arrives with ACK,PSH,FIN flags set. HAProxy diligently responds with FIN,ACK and closes the client connection, not sending anything to the backend server. It also logs the request as CR-- which seems proper. There is nothing specific in my HAProxy setup in this case, default config with a single frontend/backend. I'm on 1.8 series. I'm aware that sending a FIN on a TLS connection violates the TLS RFC, but I suspect that such a client would do the same on a non-TLS connection too. It brings me to the question, is there a way to tell HAProxy not to close a client connection upon receipt of FIN on the client side if there is an unserved HTTP request, but rather keep the client connection half-open until the backend responds? The issue I'm facing is likely exacerbated by the fact that client sends FIN together with the HTTP request, so there is no backend connection yet when HAProxy decides to close the client connection. Any ideas will he much appreciated. I'm open to testing config changes/patches if needed (or even writing one with some guidance). WWell, Assen Totin
