Hi all,
Le 21/09/2012 20:59, Baptiste a écrit :
HAProxy clearly says that the error is at position 23, which looks to
be a P, but I guess this is due to the copy/paste.
A tcpdump may help understanding what type of character is at this position.
That said, sounds weird that it works with HAProxy 1.4 and does not
anymore with 1.5-dev12.
Not really, allowed characters have changed from haproxy 1.4 to 1.5.
This is detailed in "option accept-invalid-http-request"
http://cbonte.github.com/haproxy-dconv/configuration-1.5.html#option%20accept-invalid-http-request
The concerned paragraph :
"
Similarly, the list of characters allowed to appear in a URI is well
defined by RFC3986, and chars 0-31, 32 (space), 34 ('"'), 60 ('<'), 62
('>'), 92 ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'),
127 (delete) and anything above are not allowed at all. Haproxy always
blocks a number of them (0..32, 127). The remaining ones are blocked by
default unless this option is enabled.
"
Alexey, are you sure the issue is not in your apache configuration ?
The RewriteRule looks strange to me :
RewriteRule ^(.*)$ /phpinfo.php?PATH=%1/&%2 [QSA,L]
It uses %2 but it doesn't match any part of the regexp. From your
haproxy trace given by "show error", it looks like haproxy is receiving
garbage values from apache (buffer overflow ?) :
/phpinfo.php?PATH=/РР°Салог/&&pid=42
Could you give a try to 1.5-dev7 ?
cheers
On Fri, Sep 21, 2012 at 8:17 PM, Alexey Vlasov <ren...@renton.name> wrote:
Yes, it's 400 error. But the tuning unfortunately doesn't help.
--
BRGDS. Alexey Vlasov.
On Fri, Sep 21, 2012 at 06:50:30PM +0200, Thomas Heil wrote:
Hi,
If this is error 400. Maybe your Get Request become too long.
Would you mind try increasing your buffsize but leaving maxrewrite on 1024.
e.g
--
global
tune.bufsize 32678
tune.maxrewrite 1024
--
cheers,
thomas
On 21.09.2012 18:17, Alexey Vlasov wrote:
[21/Sep/2012:20:12:41.265] frontend backend_pool610 (#15): invalid request
backend backend_pool610 (#15), server <NONE> (#-1), event #0
src xx.xx.143.35:37769, session #71, session flags 0x00000080
HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000
HTTP chunk len 0 bytes, HTTP body len 0 bytes
buffer flags 0x00808002, out 0 bytes, total 913 bytes
pending 913 bytes, wrapping at 16384, error at position 23:
00000 GET /phpinfo.php?PATH=/РР°СалР
00034+ ѕРі/&&pid=42 HTTP/1.1
00057 Host: test-l24-apache-aux4.p2
00092 User-Agent: Opera/9.80 (Windows NT 6.1; WOW64; U; ru) Presto/2.10.289
00162+ Version/12.02
00177 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image
00247+ /png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
00315+
00316 Accept-Language: ru,ru-RU;q=0.9,en;q=0.8
00358 Accept-Encoding: gzip, deflate
00390 Cookie: __ptca=137351919.6tcw1SGtta9M.1334637172.1334637172.1334637172
00460+ .1; __ptv_3S8nQr=6tcw1SGtta9M; __pti_3S8nQr=6tcw1SGtta9M; __ptcz=13735
00530+ 1919.1334637172.1.0.ptmcsr=(direct)|ptmcmd=(none)|ptmccn=(direct)
00597 X-FORWARDED-URI: /%D0%9A%D0%B0%D1%82%D0%B0%D0%BB%D0%BE%D0%B3/&pid=42
00666+
00667 X-FORWARDED-REQUEST: GET /%D0%9A%D0%B0%D1%82%D0%B0%D0%BB%D0%BE%D0%B3/&
00737+ pid=42 HTTP/1.1
00754 X-Forwarded-For: xx.x.248.121
00787 X-Forwarded-Host: test-l24-apache-aux4.p2
00834 X-Forwarded-Server: www.test-l24-apache-aux4.p2
00887 Connection: Keep-Alive
00911
On Fri, Sep 21, 2012 at 04:00:00PM +0200, Baptiste wrote:
Hi,
could you run a "show error" on haproxy stats socket?
It will tell you exactly where the error is located.
cheers
On Fri, Sep 21, 2012 at 2:50 PM, Alexey Vlasov <ren...@renton.name> wrote:
Hi.
By using the given below scheme:
=====
apache (fe) - haproxy - apache (PHP)
=====
and the rule in .htaccess
=====
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)/(.*)$
RewriteCond %2 !\.
RewriteRule ^(.*)$ /phpinfo.php?PATH=%1/&%2 [QSA,L]
=====
haproxy gives badrequest.
Log from apache (fe):
=====
xx.xx.248.121 - - [20/Sep/2012:16:08:51 +0400] "GET
/%D0%9A%D0%B0%D1%82%D0%B0%D0%BB%D0%BE%D0%B3/&pid=42 HTTP/1.1" 400 90 "-"
"Opera/9.80 (Windows NT 6.1; WOW64; U; ru) Presto/2.10.289
Version/12.02"
=====
haproxy:
=====
Sep 20 16:08:51 l24 haproxy_aux4_pools[18980]: xx.xx.143.35:36564
[20/Sep/2012:16:08:51.744] backend_pool610 backend_pool610/<NOSRV>
-1/-1/-1/-1/0 400 187 - - PR-- 1/0/0/0/10 0/0 {} "<BADREQ>"
=====
My haproxy.conf:
=====
global
daemon
user haproxy
group haproxy
chroot /var/empty
maxconn 4096
ulimit-n 32000
stats socket /var/lib/haproxy/haproxy_aux4.sock level admin mode 600
defaults
log 127.0.0.1 local5 notice
mode http
retries 10
maxconn 2000
timeout client 50000
timeout connect 5000
timeout server 5m
balance roundrobin
option forwardfor except xx.xx.143.35/32
option http-server-close
stats enable
stats uri /aouwl3j?stats
listen backend_pool610 xx.xx.143.35:9610
option httplog
log 127.0.0.1 local6
cookie SERVERID
option httpchk
capture request header Host len 40
server pool610 xx.xx.143.35:8610 weight 255 cookie pool4 check inter 800
fall 3 rise 2 maxconn 500
server pool3 xx.xx.143.35:8101 weight 1 cookie pool1 check inter 2000
fall 3 rise 2 maxconn 250
server pool4 xx.xx.143.35:8102 backup
=====
There's no such 400 error in version 1.4.
--
BRGDS. Alexey Vlasov.
--
Cyril Bonté
