On Thu, Jan 13, 2022 at 3:22 AM Christopher Faulet
wrote:
> However, during H1 parsing, the authority found in the URI is validated
> against
> the Host header. At this stage, both must be identical. Otherwise an error
> is
> reported. "accept-invalid-http-request" option is a valid workaround
On Wed, Jan 12, 2022 at 8:57 PM Aleksandar Lazic wrote:
> Why not "mode tcp" with proxy protocol
> http://www.squid-cache.org/Doc/config/proxy_protocol_access/ if you
> need the client ip.
>
Because we need to apply layer 7 ACLs within haproxy that require mode http.
i am load balancing against 2 squid instances, and have gone down the
path of using mode tcp, with proxy protocol, and found that i prefer
mode http with http-reuse and x-forwarded-for.
with tcp and proxy protocol, every connection is sent with the clients
ip, so any ip based acls or rules are
Le 1/13/22 à 02:57, Aleksandar Lazic a écrit :
On 12.01.22 21:52, Andrew Anderson wrote:
On Wed, Jan 12, 2022 at 11:58 AM Aleksandar Lazic mailto:al-hapr...@none.at>> wrote:
Well, looks like you want a forward proxy like squid not a reverse proxy
like haproxy.
The application being
On 12.01.22 21:52, Andrew Anderson wrote:
On Wed, Jan 12, 2022 at 11:58 AM Aleksandar Lazic mailto:al-hapr...@none.at>> wrote:
Well, looks like you want a forward proxy like squid not a reverse proxy
like haproxy.
The application being load balanced is a proxy, so http_proxy is not a
On Wed, Jan 12, 2022 at 11:58 AM Aleksandar Lazic
wrote:
> Well, looks like you want a forward proxy like squid not a reverse proxy
> like haproxy.
>
The application being load balanced is a proxy, so http_proxy is not a good
fit (and as you mention on the deprecation list), but haproxy as a
my haproxy config details are below. i am using haproxy to load balance
2 squid instances, and the http/layer 7 aware configs in haproxy trap
these requests and fail them.
[root@haproxy]# haproxy -v
HA-Proxy version 2.1.11-9da7aab 2021/01/08 - https://haproxy.org/
Status: stable branch - will
On 12.01.22 17:06, Andrew Anderson wrote:
On Thu, Dec 30, 2021 at 10:15 PM Willy Tarreau mailto:w...@1wt.eu>> wrote:
On Wed, Dec 29, 2021 at 12:29:11PM +0100, Aleksandar Lazic wrote:
> > 0 CONNECT download.eclipse.org:443 HTTP/1.1\r\n
> > 00043 Host:
On Thu, Dec 30, 2021 at 10:15 PM Willy Tarreau wrote:
> On Wed, Dec 29, 2021 at 12:29:11PM +0100, Aleksandar Lazic wrote:
> > > 0 CONNECT download.eclipse.org:443 HTTP/1.1\r\n
> > > 00043 Host: download.eclipse.org\r\n
> > > 00071 User-Agent: Apache-HttpClient/4.5.10
On Wed, Dec 29, 2021 at 12:29:11PM +0100, Aleksandar Lazic wrote:
> > [28/Dec/2021:12:48:34.023] frontend proxy (#2): invalid request
> > backend (#-1), server (#-1), event #166, src
> > 192.168.1.90:44350
> > buffer starts at 0 (including 0 out), 16258 free
on this page are 108 bugs fixed within the next version.
Maybe you should update to latest 2.4 and see if the behavior is still the same.
Running on: Linux 5.11.22-100.fc32.x86_64 #1 SMP Wed May 19 18:58:25 UTC
2021 x86_64
[28/Dec/2021:12:17:14.412] frontend proxy (#2): invalid request
:25 UTC
2021 x86_64
[28/Dec/2021:12:17:14.412] frontend proxy (#2): invalid request
backend (#-1), server (#-1), event #154, src
192.168.1.90:44228
buffer starts at 0 (including 0 out), 16216 free,
len 168, wraps at 16336, error at position 52
H1 connection flags 0x, H1 stream
12 matches
Mail list logo