Hi,

On Mon, Nov 09, 2009 at 12:25:29PM -0200, Gabriel Sosa wrote:
> guys,
>
> we have setup an haproxy for http and ssl traffic, so far all worked
> as expected. but today looking at the "request logs" each time some
> user goes to the ssl part of the site I can see in the logs
> "<BADREQ>" but the request goes just fine. what does this mean? how do
> I fix this?

Pretty amazing, this bug has been around since almost the beginning it
seems and nobody caught it yet! This is caused by "option httplog" in
your default settings which gets inherited by the https instance which
then tries to log in http. I thought there was a check for this, and
obviously I was wrong.

    defaults
        log global
        option httplog
        ^^^^^^^^^^^^^^^^^^^^^^^
        mode tcp
        ...

    listen load_balanced_https AAA.BBB.CCC.DDD:443
        balance source
        option ssl-hello-chk
        mode tcp
        ^^^^^^^^^^^^^^^^^^^

Also be careful, the following options are wrong too in HTTPS (since
haproxy can't touch the stream). However they are just harmless, but
may become invalid and cause an error when checks become stricter:

        option httpclose
        option forwardfor
        ...

I've committed the following patch which emits a warning in case of
such a wrong setting which might be hard to catch. It also automatically
falls back to tcplog for a TCP proxy.

Thanks for the report!
Willy

From 5f0bd6537f8b56b643ef485d7a3c96d996d9b01a Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Mon, 9 Nov 2009 21:27:51 +0100
Subject: [BUG] config: disable 'option httplog' on TCP proxies

Gabriel Sosa reported that logs were appearing with BADREQ when
'option httplog' was used with a TCP proxy (eg: inherited via a
default instance). This patch detects it and falls back to tcplog
after emitting a warning.
---
 src/proxy.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/proxy.c b/src/proxy.c
index 69b070e..15f9b92 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -327,6 +327,11 @@ int proxy_cfg_ensure_no_http(struct proxy *curproxy) Warning("config : Layer 7 hash not possible for %s '%s' (needs 'mode http'). Falling back to round robin.\n", proxy_type_str(curproxy), curproxy->id); } + if (curproxy->to_log & (LW_REQ | LW_RESP)) { + curproxy->to_log &= ~(LW_REQ | LW_RESP); + Warning("config : 'option httplog' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog'.\n", + proxy_type_str(curproxy), curproxy->id); + } return 0; } -- 1.6.4.4
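
Review bot: The warning in the new `if (curproxy->to_log & (LW_REQ | LW_RESP))` block names 'option httplog' and promises a fallback to 'option tcplog', but the condition only tests the LW_REQ and LW_RESP bits and the body only clears them. Nothing visible in this hunk ties those two bits exclusively to 'option httplog' or shows the TCP log format being selected, so either add a one-line comment stating that clearing them is what yields tcplog output, or set the tcplog state explicitly next to `curproxy->to_log &= ~(LW_REQ | LW_RESP);`. A matching note in the documentation for 'option httplog' (it is ignored with a warning outside 'mode http') would make the new startup message less surprising for configurations that inherit it from a defaults section.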
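
A way to catch the inheritance problem described in this thread before deployment, as an added example that is not part of the original message or of haproxy's code. It is a simplified reader of the configuration syntax, not haproxy's parser; `lint_tcp_proxies`, `HTTP_ONLY` and the sample configuration are hypothetical names and constructed input, and the reset of state at each `defaults` section is an assumption.

```python
PROXY_SECTIONS = {"listen", "frontend", "backend"}
HTTP_ONLY = {"httplog", "httpclose", "forwardfor"}  # options named in the post

def lint_tcp_proxies(text):
    """Return (section, name, option) for HTTP-only options active on TCP proxies."""
    defaults = {"mode": "tcp", "opts": set()}  # haproxy defaults to mode tcp
    proxies, current = [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "defaults":
            # Assumption: each new defaults section starts from a clean slate.
            current = defaults = {"mode": "tcp", "opts": set()}
        elif words[0] in PROXY_SECTIONS:
            current = {"kind": words[0], "name": words[1] if len(words) > 1 else "?",
                       "mode": defaults["mode"], "opts": set(defaults["opts"])}
            proxies.append(current)
        elif words[0] == "global":
            current = None
        elif current is None:
            continue
        elif words[0] == "mode" and len(words) > 1:
            current["mode"] = words[1]
        elif words[:2] == ["no", "option"] and len(words) > 2:
            current["opts"].discard(words[2])
        elif words[0] == "option" and len(words) > 1:
            if words[1] == "tcplog":
                current["opts"].discard("httplog")  # tcplog replaces httplog
            else:
                current["opts"].add(words[1])
    return [(p["kind"], p["name"], opt)
            for p in proxies if p["mode"] == "tcp"
            for opt in sorted(p["opts"] & HTTP_ONLY)]

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE = """\
defaults
    option httplog
    mode tcp
listen load_balanced_https AAA.BBB.CCC.DDD:443
    option ssl-hello-chk
    mode tcp
    option httpclose
    option forwardfor
"""
if __name__ == "__main__":
    for kind, name, opt in lint_tcp_proxies(SAMPLE):
        print(f"{kind} '{name}': 'option {opt}' needs 'mode http'")
```

Moving `option httplog` into the HTTP proxies, or overriding it with `option tcplog` in the TCP one, makes the httplog finding disappear.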