Re: Significant number of 400 errors..

Mon, 24 Nov 2014 22:23:46 -0800 

Hi Willy and Lukas,

  Here's snippets of the new config:


-----------------------------

global

       maxconn 645000

       maxpipes 645000

       ulimit-n 645120

       user haproxy

       group haproxy

        tune.bufsize 49152

       spread-checks 10

       daemon

       quiet

       stats socket /var/run/haproxy.sock level admin

       pidfile /var/run/haproxy.pid


defaults

       log     global

       mode    http

        option accept-invalid-http-request

        option accept-invalid-http-response

       option  httplog

       option  dontlognull

       option dontlog-normal

       option log-separate-errors

        option http-server-close

        option tcp-smart-connect

        option tcp-smart-accept

        option forwardfor except 127.0.0.1

       option dontlog-normal

       retries 3

       option redispatch

       maxconn 2000000

       contimeout      5000

       clitimeout      60000

       srvtimeout      60000

listen  www   0.0.0.0:80

       mode http

        capture response header Via len 20

         capture response header Content-Length len 10

         capture response header Cache-Control len 8

         capture response header Location len 40

       balance roundrobin

       # Haproxy status page

       stats uri /haproxy-status

       stats auth fb:phoo

       # when cookie persistence is required

       cookie SERVERID insert indirect nocache

       # When internal servers support a status page

       option httpchk GET /xyzzyx.php

        bind 0.0.0.0:443 ssl crt /etc/lighttpd/ssl_certs/xxxx.co.pem

        http-request add-header X-FORWARDED-PROTO https if { ssl_fc }

          server app1 10.1.1.6:85 check inter 40000 rise 2 fall 3 maxconn
16384

          server app2 10.1.1.7:85 check inter 40000 rise 2 fall 3 maxconn
16384

-----------------------------


The old config did NOT have the following items, and had about 500x more
errors:
-----------------------------
  tune.bufsize 49152

        option accept-invalid-http-request

        option accept-invalid-http-response
-----------------------------

Here's what the 'show errors' shows on a sampling of the server.  It looks
like 90% of the errors are the second error (25/Nov/2014:00:06:30.753):




Total events captured on [24/Nov/2014:23:31:52.468] : 151



[22/Nov/2014:21:55:56.597] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #150

  src 166.137.247.239:8949, session #3883610, session flags 0x00000080

  HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 1183 bytes

  pending 1183 bytes, wrapping at 49152, error at position 227:



  00000
sited%22%3A1416713764%2C%22times_visited%22%3A6%2C%22device%22%3A%22We

  00070+
b%22%2C%22lastsource%22%3A%22bottomxpromo%22%2C%22language%22%3A%22en%

  00140+
22%2C%22extra%22%3A%22%7B%5C%22tr%5C%22%3A%5C%22en%5C%22%7D%22%2C%22di

  00210+ d_watch%22%3A1%7D; yXXXXX=5167136038811769837; _vhist=%7B%22visito

  00280+
r_id%22%3A%225024165909427731336%22%2C%22seen_articles%22%3A%22%7B%5C%

  00350+
22950%5C%22%3A1402416590%2C%5C%22685%5C%22%3A1402416675%2C%5C%22799%5C

  00420+
%22%3A1402416789%2C%5C%22954%5C%22%3A1402416997%2C%5C%22939%5C%22%3A14

  00490+
02417098%2C%5C%222334%5C%22%3A1407162586%2C%5C%222055%5C%22%3A14071626

  00560+
91%2C%5C%223888%5C%22%3A1409938121%2C%5C%223020%5C%22%3A1409938211%2C%

  00630+
5C%223773%5C%22%3A1409938340%2C%5C%222163%5C%22%3A1409938389%2C%5C%222

  00700+
569%5C%22%3A1409938872%2C%5C%222426%5C%22%3A1409938959%2C%5C%2213984%5

  00770+
C%22%3A1411916274%2C%5C%221675%5C%22%3A1411916466%2C%5C%2214950%5C%22%

  00840+
3A1412432461%2C%5C%2219759%5C%22%3A1416714580%7D%22%2C%22num_articles%

  00910+ 22%3A17%7D; lastlargeleaderboard=1416713603;
lastlike-264755123648776=

  00980+ 1416713764; lastlike-703681396382652=1416713919;
lastlike-939184096095

  01050+ 676=1416714070; lastlike-293377080869393=1416714282;
lastlike-14790568

  01120+ 05705686=1416714412; popped_19731=1\r\n

  01157  Connection: keep-alive\r\n

  01181  \r\n


-----------


Total events captured on [25/Nov/2014:00:06:30.753] : 480



[25/Nov/2014:00:06:26.417] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #479

  src 50.92.157.165:53649, session #14629125, session flags 0x00000080

  HTTP msg state 26, msg flags 0x00000000, tx flags 0x84000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 45 bytes

  pending 45 bytes, wrapping at 49152, error at position 0:



  00000
\x17\x03\x03\x00(t\xF42\x9D\x96\x19[(\xF6\xFEK\xB7\x9Br\x00C\xDBn<\x98

  00025+ \x12"\xC2\xBC\x91\x91\x0E5\xEA,\xCE0t\xF3\x90\x16\x1Dd\x99\xC4


------------------

Total events captured on [25/Nov/2014:00:08:45.356] : 128



[24/Nov/2014:22:38:34.626] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #127

  src 157.55.39.106:29900, session #4147419, session flags 0x00000080

  HTTP msg state 27, msg flags 0x00000000, tx flags 0x00000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 304 bytes

  pending 304 bytes, wrapping at 49152, error at position 15:



  00000  GET
/?id=551&sr\xC3\x83\xC2\xAF\xC3\x82\xC2\xBF\xC3\x82\xC2\xBD=share_

  00034+ fb_new_551 HTTP/1.1\r\n

  00055  Cache-Control: no-cache\r\n

  00080  Connection: Keep-Alive\r\n

  00104  Pragma: no-cache\r\n

  00122  Accept: */*\r\n

  00135  Accept-Encoding: gzip, deflate\r\n

  00167  From: bingbot(at)microsoft.com\r\n

  00199  Host: xxxxxx.co\r\n

  00217  User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +
http://www.bing.com

  00287+ /bingbot.htm)\r\n

  00302  \r\n

------------------------

Total events captured on [25/Nov/2014:00:11:16.030] : 557



[25/Nov/2014:00:08:19.250] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #556

  src 199.59.148.211:40148, session #14688643, session flags 0x00000080

  HTTP msg state 26, msg flags 0x00000000, tx flags 0x84000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 140 bytes

  pending 140 bytes, wrapping at 49152, error at position 5:



  00000  GET /\x00/?id=16278&src=shorturl_16278 HTTP/1.1\r\n

  00046  Host: xxxxxx.com\r\n

  00065  User-Agent: Twitterbot/1.0\r\n

  00093  Accept-Encoding: gzip, deflate\r\n

  00125  Accept: */*\r\n

  00138  \r\n


---------------------

Total events captured on [25/Nov/2014:00:12:57.050] : 577



[25/Nov/2014:00:09:20.036] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #576

  src 173.209.211.205:51013, session #15108367, session flags 0x00000080

  HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 60 bytes

  pending 60 bytes, wrapping at 49152, error at position 6:



  00000  action=video_ready&value=1&time_on_page=140.87&article=18539

----------------

Total events captured on [25/Nov/2014:00:14:54.259] : 526



[25/Nov/2014:00:08:22.991] frontend www (#2): invalid request

  backend www (#2), server <NONE> (#-1), event #525

  src 67.231.32.73:59810, session #15100093, session flags 0x00000080

  HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000

  HTTP chunk len 0 bytes, HTTP body len 0 bytes

  buffer flags 0x00808002, out 0 bytes, total 1460 bytes

  pending 1460 bytes, wrapping at 49152, error at position 6:



  00000  Cookie:
_vis=%7B%22visitor_id%22%3A%225108882918757752765%22%2C%22sour

  00070+
ce%22%3A%22fbfan_2081%22%2C%22joined%22%3A1410888291%2C%22last_visited

  00140+
%22%3A1412459722%2C%22times_visited%22%3A23%2C%22language%22%3A%22en%2

  00210+
2%2C%22extra%22%3A%22%7B%5C%22tr%5C%22%3A%5C%22en%5C%22%7D%22%2C%22dev

  00280+
ice%22%3A%22Web%22%2C%22lastsource%22%3A%22fbfan_15040%22%2C%22did_wat

  00350+ ch%22%3A1%7D; yXXXXX=5108882918757752765; _vhist=%7B%22visitor_id%

  00420+
22%3A%225108882918757752765%22%2C%22seen_articles%22%3A%22%7B%5C%22208

  00490+
1%5C%22%3A1410888291%2C%5C%2213102%5C%22%3A1410888488%2C%5C%2213225%5C

  00560+
%22%3A1410956287%2C%5C%2213369%5C%22%3A1410996782%2C%5C%2212535%5C%22%

  00630+
3A1410997026%2C%5C%223020%5C%22%3A1410997306%2C%5C%222913%5C%22%3A1410

  00700+
997471%2C%5C%222426%5C%22%3A1410997631%2C%5C%2213208%5C%22%3A141099779

  00770+
0%2C%5C%222350%5C%22%3A1410997918%2C%5C%2212995%5C%22%3A1410998005%2C%

  00840+
5C%2212777%5C%22%3A1410998345%2C%5C%222996%5C%22%3A1410998730%2C%5C%22

  00910+
3471%5C%22%3A1410999158%2C%5C%222778%5C%22%3A1410999435%2C%5C%221840%5

  00980+
C%22%3A1410999880%2C%5C%222662%5C%22%3A1411000322%2C%5C%222655%5C%22%3

  01050+
A1411000534%2C%5C%222777%5C%22%3A1411000586%2C%5C%222398%5C%22%3A14110

  01120+
00887%2C%5C%223787%5C%22%3A1411001258%2C%5C%2212977%5C%22%3A1411001402

  01190+
%2C%5C%222447%5C%22%3A1411001612%2C%5C%222450%5C%22%3A1411001901%2C%5C

  01260+
%222463%5C%22%3A1411002161%2C%5C%2213213%5C%22%3A1411029331%2C%5C%2236

  01330+
83%5C%22%3A1411029512%2C%5C%22655%5C%22%3A1411029963%2C%5C%222217%5C%2

  01400+ 2%3A1411030200%2C%5C%222464%5C%22%3A1411030432%2C%5C%222767%


-----------------------------


Thanks!
-Alex



On Mon, Nov 24, 2014 at 12:52 AM, Willy Tarreau <w...@1wt.eu> wrote:

> On Sun, Nov 23, 2014 at 11:57:50PM +0800, Alexey Zilber wrote:
> > Hi Willy,
> >
> >   I already do "option dontlognull".  These get logged anyway.  We've
> > actually seen a high amount of 400 errors happening.  I'll post the
> configs
> > in a day or two (the pre/post) configs.  I've been able to knock down the
> > 400 and 502 errors to about 10%, with 400 errors being around .6% of
> total
> > connections.
>
> Then there are data received over these connections, so please follow
> Lukas' advice and issue "show errors" on the stats socket, you'll see
> what is sent there. Maybe some bogus browsers sending an SSL hello over
> this connection or something like this...
>
> Willy
>
>

Reply via email to