On Thu, Dec 06, 2012 at 08:00:44AM +0200, SBD wrote:
> I meant that those are probably not real requests being failed for some reason,
> though we can't confirm that.
> 
> I will try your suggestion, even though this will just prevent it from
> being logged and not actually solve the problem (if any).

OK.

> Another thing is that, if I'm not mistaken, when I dumped some traffic
> using tcpdump and opened it with wireshark it looked like those requests
> are actually empty (though maybe wireshark thinks that a NULL byte request is
> an empty one) - I will do it again just to make sure.

In your error report, haproxy was saying that it did receive one byte, so
wireshark should display it.

> As we couldn't find anyone who has the same issue, we are kind of worried we
> are doing something wrong and we are not serving about 10% of our
> requests.

I understand.

> The thing is we have two frontends on this machine which get different
> amounts of traffic and they both have the same percentage of such invalid
> requests - which we think indicates that those are not port scanning or
> anything similar.

That's really strange then. Are you behind a reverse-proxy or any content
analyser ? It's possible that there is a bug somewhere between the internet
and your machine that causes delivery of such single-byte data. We can also
imagine some kind of "smart" firewall removing an URG flag from stupid
harmless attacks, causing the single OOB byte to appear as a one-byte data.
This one is easy to test though :-)

Willy
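
Added example, not part of the original thread: one way to check the URG hypothesis against a tcpdump capture is to list every TCP segment that carries exactly one byte, along with whether the URG flag is set. The function names and the sample capture are constructed for illustration; the parser assumes a classic pcap file with Ethernet framing and IPv4.

```python
import socket
import struct

def one_byte_segments(pcap: bytes):
    """List (src, dst, payload, urg_flag, urg_ptr) for TCP segments carrying exactly one byte."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 frames that carry TCP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # trims Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if len(payload) == 1:
            src = f"{socket.inet_ntoa(ip[12:16])}:{sport}"
            dst = f"{socket.inet_ntoa(ip[16:20])}:{dport}"
            urg_ptr = struct.unpack("!H", tcp[18:20])[0]
            hits.append((src, dst, payload, bool(tcp[13] & 0x20), urg_ptr))
    return hits

def _frame(flags, urg_ptr, payload, sport=40000):
    # Constructed Ethernet/IPv4/TCP frame; addresses are documentation ranges.
    tcp = struct.pack("!HHIIBBHHH", sport, 80, 1, 1, 5 << 4, flags, 8192, 0, urg_ptr) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton("192.0.2.10"))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    # Constructed capture: urgent byte, same byte with URG cleared, a normal request.
    frames = [_frame(0x38, 1, b"\x00"), _frame(0x18, 0, b"\x00", 40001),
              _frame(0x18, 0, b"GET / HTTP/1.0\r\n\r\n", 40002)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for hit in one_byte_segments(sample_pcap()):
        print(hit)
```

Running the same function over captures taken on both sides of a suspected middlebox shows whether one-byte segments arrive with URG on the outside and without it on the inside.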

