Hi Cyril,
Behind haproxy, I have 3 IIS servers. I installed an ISAPI filter called
F5XForwardedFor.
It's very strange, I don't have any problems with the other
frontend/backend in the same instance.
I continue to search.
Thanks for your help!!
Christophe
Le 17/12/12 22:13, « Cyril Bonté » <cyril.bo...@free.fr> a écrit :
>Hi Christophe,
>
>Le 14/12/2012 14:27, Christophe Rahier a écrit :
>> Hi Baptiste,
>>
>> I tried to configure it but I'm not a Linux specialist ;-)
>>
>> Here's what I can find in my log file:
>>
>> Dec 14 14:25:13 lbhatest haproxy[1758]: 212.123.23.228:9163
>> [14/Dec/2012:14:25:13.233] Managers-Farm~ Managers-Farm/<NOSRV>
>> -1/-1/-1/-1/39 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>"
>> Dec 14 14:25:15 lbhatest haproxy[1758]: 212.123.23.228:9164
>> [14/Dec/2012:14:25:15.447] Managers-Farm~ Managers-Farm/<NOSRV>
>> -1/-1/-1/-1/18 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>"
>>
>>
>> Does it help you?
>
>I'm not sure those logs concern your "too many redirects".
>
>However, talking about "too many redirects", it makes me think of a
>common issue with applications behind a SSL terminator/accelerator/...
>It can sometimes become a nightmare for the administrators when the
>developers provide their application for the first time :-)
>
>The rule is quite "simple" : you have to know what you're running on the
>backends to know what configuration to apply. Easy to say, I know.
>
>As haproxy is the SSL terminator, your web server receives a plain
>unencrypted HTTP request. Some applications can decide that the HTTP
>request should be immediatly redirected to an URL prefixed with a https
>scheme to secure the communication. And here comes the loop.
>
>To prevent this, it depends on the application (and other intermediary
>modules like mod_jk and others).
>For some applications, simply adding "reqadd X-Forwarded-Proto:\ https"
>in the haproxy configuration will solve the issue.
>In some other cases, adding the header is not sufficient and you have to
>set an environment variable in apache (assuming you're using it).
>
>Example :
> SetEnvIf X-Forwarded-Proto https HTTPS=on
>
>But that's where you have to know what framework is used in your
>application. There is no standard : I've already met some frameworks
>where the value is case sensitive, waiting for :
> HTTPS=ON
>some others waiting for :
> HTTPS=On
>and still some others requiring :
> HTTPS=1
>
>And I don't talk about frameworks that require something else than
>"X-Forwarded-Proto" ;-)
>
>I hope this will help a bit.
>
>--
>Cyril Bonté
>
