On 7 Jul 2014 14:44, "Alexey Zilber" wrote:
>
> Hey guys,
>
> I couldn't a bug tracker for HAProxy, and I found a serious bug in
1.5.1 that may be a harbinger of other broken things in header manipulation.
>
> The bug is:
>
> I added 'http-send-name-header sfdev1' unde the defaults section of
haproxy.cfg.
>
> When we would do a POST with that option enabled, we would get 'sf'
injected into a random variable. When posting with a time field like
'07/06/2014 23:43:01' we would get back '07/06/2014 23:43:sf' consistently.
Alex -
Would you be able to post a (redacted) config that causes haproxy to
exhibit this behaviour, along with a fuller example of exactly where this
unwanted data appears in context?
If you could post a packet capture of the data being inserted, that will
probably help people to home in on the cause of the problem. Don't forget
to redact anything from the capture as you feel necessary, such as auth
creds, public IPs and host headers. (Anything you're content /not/ to
redact could only help, however!)
Jonathan
