On Thu, 16 Jun 2022 20:49:00 +1000 David Leadbeater <d...@dgl.cx> wrote:
> On Thu, 16 Jun 2022 at 20:27, Aleksandar Lazic <al-hapr...@none.at> wrote: > [...] > > > Thanks ! I'm able to reproduce the segfault. I'm on it. > > Thanks! > > > But in any way wouldn't be better that the rule > > > > acl ipwtf hdr(Host),lower,field(1,:),word(-1,.,2) ip.wtf > > > > be after > > > > > > tcp-request inspect-delay 10s > > > > tcp-request content switch-mode http if !ipwtf > > > > because it "feels somehow wrong" to make header checks in tcp mode. > > There's some explanation in the configuration manual about how it > works, and it's documented to work, at least for HTTP/1. > > https://docs.haproxy.org/2.6/configuration.html#4 > "While HAProxy is able to parse HTTP/1 in-fly from tcp-request content > rules"... > > Essentially I want to keep the connection as TCP, so that I can have a > backend that gets raw HTTP/1.1. I wrote some more about it at > https://dgl.cx/2022/04/showing-you-your-actual-http-request Nice service this https://ip.wtf/ thanks for offering it. > [...] > > Opinions? > > Clearly in nearly all cases it's better to let haproxy be the HTTP > proxy layer, especially as it isn't possible to mix for HTTP/2, but it > lets me do my crazy thing here :) Thank you David for your patience and explanation. I fully agree HAProxy is a very flexible Server :-) > David Regards Alex