On Thu, 16 Jun 2022 at 20:27, Aleksandar Lazic <al-hapr...@none.at> wrote: [...] > > Thanks ! I'm able to reproduce the segfault. I'm on it.
Thanks! > But in any way wouldn't be better that the rule > > acl ipwtf hdr(Host),lower,field(1,:),word(-1,.,2) ip.wtf > > be after > > > > tcp-request inspect-delay 10s > > > tcp-request content switch-mode http if !ipwtf > > because it "feels somehow wrong" to make header checks in tcp mode. There's some explanation in the configuration manual about how it works, and it's documented to work, at least for HTTP/1. https://docs.haproxy.org/2.6/configuration.html#4 "While HAProxy is able to parse HTTP/1 in-fly from tcp-request content rules"... Essentially I want to keep the connection as TCP, so that I can have a backend that gets raw HTTP/1.1. I wrote some more about it at https://dgl.cx/2022/04/showing-you-your-actual-http-request [...] > Opinions? Clearly in nearly all cases it's better to let haproxy be the HTTP proxy layer, especially as it isn't possible to mix for HTTP/2, but it lets me do my crazy thing here :) David
