Hi. Am 27.08.2018 um 15:03 schrieb Pieter Thysebaert: > Hi, > > I am running HA-Proxy version 1.8.13-1ppa1~xenial 2018/08/01 on > Linux backendsc000001 4.15.0-1021-azure #21~16.04.1-Ubuntu SMP (in Azure). > > This is a simple test setup; HAproxy is listening on port 444 (no SSL), the > backlend is a Python SimpleHTTPServer on port 8000 on localhost. > > When I setup a TCP connection (nc -zw30 127.0.0.1 444), the packet capture > shows > the expected SYN, SYN ACK, ACK then FIN, ACK, FIN ACK sequence, however: > > The FIN ACK packet sent back by HAProxy includes the content of the error-400 > page (even if no HTTP client was used to connect in the first place) followed > by > a RST from the client - see Wireshark screenshot. > > I am looking for the configuration items in the haproxy.cfg / system > configuration items that enable this behaviour. How would I get back a plain > FIN ACK from the server and not trigger a client RST in this case (TCP > connection setup, no HTTP request sent)?
That's expected. > For reference, my HAProxy config (that shows this behaviour): > global [snipp] > defaults > log global > mode http The default mode is http. When you change to tcp no http error message will be send. > option httplog [snipp] > errorfile 400 /etc/haproxy/errors/400.http > > backend python > mode http Here also http mode. What does the pythonserver sends back when you don't send a valid http request? Does the behavior change when you change to tcp? > server pythonserver 127.0.0.1:8000 > > frontend app > bind :444 > default_backend python > > > Kind regards, > Pieter Best regards Aleks