Hi Norman,
Op 11-5-2018 om 19:36 schreef Norman Branitsky:
After upgrading to the latest version of Eclipse and installing our
custom Eclipse Plugin,
my developers are now being blocked by HAProxy.
Here’s a sample of the problem:
May 11 15:03:37 localhost haproxy[13089]: 66.192.142.9:43041
[11/May/2018:15:03:37.932] main_ssl~
ssl_backend-etkdev/i-0912nnnnnnnn0e3b
0/0/1/24/25 200 436 - - --NN 52/52/0/0/0 0/0 "GET
/entellitrak/private/api/workspaces/query/current HTTP/1.1"
May 11 15:03:38 localhost haproxy[13089]: 66.192.142.9:56417
[11/May/2018:15:03:38.117] main_ssl~ main_ssl/<NOSRV>
0/-1/-1/-1/0 403 188 - - PR-- 50/50/0/0/0 0/0 "POST
/entellitrak/private/api/packages/query/workspace/txxxx.jxxxxx HTTP/1.1"
" PR The proxy blocked the client's HTTP request, either because of an
invalid HTTP syntax, in which case it returned an HTTP 400 error to
the client, or because a deny filter matched, in which case it
returned an HTTP 403 error."
So, is the 403 because the backend server is unknown in the 2^nd request?
Or is the backend server unknown because of the 403?
This is the beginning of the JSON payload in the POST statement:
ID: 24
Address:
https://etkdev.wisits.org/entellitrak/private/api/packages/query/workspace/thomas.jackson
Http-Method: POST
Content-Type: application/json
Headers: {Authorization=[Basic dGhvbWFzLmphY2tzb246UGFzc3dvcmQxIQ==],
Content-Type=[application/json], Accept=[application/json]}
Could it be the 'Host' header is missing.? Which is required by http/1.1.
And above authorization can be decoded.. be careful what internal/secure
information is posted..
Payload:
["package.fileServer.c0413431-1236-4825-90f1-5f5be131a237","package.rfWorkflowParameterJavascript.a227ee0b-6b59-4643-b1f8-1ff203948a24",
HAProxy version info:
[WIIRIS-LB-240]# /usr/local/sbin/haproxy -vv
HA-Proxy version 1.7.9 2017/08/18
Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv
OPTIONS = USE_SLZ=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.2l 25 May 2017 (VERSIONS
DIFFER!)
p.s. Running with different versions between build/running is a bad thing..
Regards,
PiBa-NL