Hi Cyril, Behind haproxy, I have 3 IIS servers. I installed an ISAPI filter called F5XForwardedFor.
It's very strange, I don't have any problems with the other frontend/backend in the same instance. I continue to search. Thanks for your help!! Christophe Le 17/12/12 22:13, « Cyril Bonté » <cyril.bo...@free.fr> a écrit : >Hi Christophe, > >Le 14/12/2012 14:27, Christophe Rahier a écrit : >> Hi Baptiste, >> >> I tried to configure it but I'm not a Linux specialist ;-) >> >> Here's what I can find in my log file: >> >> Dec 14 14:25:13 lbhatest haproxy[1758]: 212.123.23.228:9163 >> [14/Dec/2012:14:25:13.233] Managers-Farm~ Managers-Farm/<NOSRV> >> -1/-1/-1/-1/39 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>" >> Dec 14 14:25:15 lbhatest haproxy[1758]: 212.123.23.228:9164 >> [14/Dec/2012:14:25:15.447] Managers-Farm~ Managers-Farm/<NOSRV> >> -1/-1/-1/-1/18 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>" >> >> >> Does it help you? > >I'm not sure those logs concern your "too many redirects". > >However, talking about "too many redirects", it makes me think of a >common issue with applications behind a SSL terminator/accelerator/... >It can sometimes become a nightmare for the administrators when the >developers provide their application for the first time :-) > >The rule is quite "simple" : you have to know what you're running on the >backends to know what configuration to apply. Easy to say, I know. > >As haproxy is the SSL terminator, your web server receives a plain >unencrypted HTTP request. Some applications can decide that the HTTP >request should be immediatly redirected to an URL prefixed with a https >scheme to secure the communication. And here comes the loop. > >To prevent this, it depends on the application (and other intermediary >modules like mod_jk and others). >For some applications, simply adding "reqadd X-Forwarded-Proto:\ https" >in the haproxy configuration will solve the issue. >In some other cases, adding the header is not sufficient and you have to >set an environment variable in apache (assuming you're using it). > >Example : > SetEnvIf X-Forwarded-Proto https HTTPS=on > >But that's where you have to know what framework is used in your >application. There is no standard : I've already met some frameworks >where the value is case sensitive, waiting for : > HTTPS=ON >some others waiting for : > HTTPS=On >and still some others requiring : > HTTPS=1 > >And I don't talk about frameworks that require something else than >"X-Forwarded-Proto" ;-) > >I hope this will help a bit. > >-- >Cyril Bonté >