Cyril, thanks! It's surprising for me actually - to accept request & log error simultaneously :)
Btw, I've reconfigured my service to use TCP frontend/backend, so there are no errors anymore. PS. Lukas, thanks also! RFC3986 was very helpful - our backend team agreed to fix the application. On Wed, Jan 7, 2015 at 4:11 AM, Lukas Tribus <luky...@hotmail.com> wrote: > > Le 22/12/2014 19:00, Lukas Tribus a écrit : > >>> OK, got it. > >>> > >>> What should I do with HAProxy to handle with them? (option > >>> accept-invalid-http-request is set already) > >> > >> You can't. HAproxy will not support those URI's. > >> > >> accept-invalid-http-request allows a limited set of forbidden > >> chars, but not the ones you are using (> 127/0x7f ASCII). > > > > That's not exactly true. When "accept-invalid-http-request" is used, > > haproxy accepts ASCII chars> 127, but will always capture them as bad > > messages. > > Ah, thanks Cyril! I clearly misread the docs. > > > > > From the "show errors" output I reput it here : > >> [22/Dec/2014:16:33:11.765] frontend https_frontend_ssl_terminate (#3): > >> invalid request > >> backend <NONE> (#-1), server <NONE> (#-1), event #7 > >> src <example1>:49803, session #24184, session flags 0x00000080 > >> HTTP msg state 27, msg flags 0x00000000, tx flags 0x00000000 > > > > We can see "HTTP msg state 27", which means that haproxy has > > successfully passed the request parsing (27 = HTTP_MSG_BODY). Without > > "option accept-invalid-http-request", it would have failed on state 26 > > (HTTP_MSG_ERROR) > > > > If Juriy is tracking 400 BADREQ requests, this is not the one provided > > previously. > > Thanks for clarifying. Basically, in this particular situation we would > have > to catch the request via tcpdump or we would need to be very lucky to > catch it with "show errors" on the unix admin socket, because it would be > filled with invalid but accepted requests like this one, hiding the request > that is actually not accepted ... > > > > Lukas > > -- Best regards, Juriy Strashnov Mob. +7 (953) 742-1550 E-mail: j.strash...@me.com Please consider the environment before printing this email.
