Hi
Today I started to get this problem.
Linie 29140: Jul 29 18:47:09 haproxyxmail01 haproxy[1010]: 192.168.y.65:26570
[29/Jul/2023:18:47:09.605] FrontEnd_Xmail_L7_IPv4~
FrontEnd_Xmail_L7_IPv4/<NOSRV> -1/-1/-1/-1/0 503 108 - - SC-- 10/10/0/0/0 0/0
"HEAD https://mail.domin.com/OAB/857f4bf9-4f97-466c-a337-6316b1aa3cc8/oab.xml
HTTP/2.0<https://mail.domin.com/OAB/857f4bf9-4f97-466c-a337-6316b1aa3cc8/oab.xml%20HTTP/2.0>"
If I understand the error correctly, it says that it do not find a match for a
backend or is this correct, and if so why, because there is a match??
"Mail.domain.com" is the correct FQDN just change here. The only different is
it ends on http/2.0
Where all the request that works is http/1.1 which fits as Exchange do not
support 2.0 but only 1.1
But what make it strange is when I try to debug with Fiddler the problem goes
away, and all works, when I turn of Fiddler the problem starts again.
But why this problem now and any ideas how to fix it.
I am running HAproxy 2.8.1 under Ubuntu 22.04 (Full updated) and updated some
days ago to 2.8.1.
Here is the Frontend config
frontend FrontEnd_Xmail_L7_IPv4
mode http
option socket-stats
timeout tarpit 10s
# Allow Exchange Admin Center to certain private network only
acl From_private_network src 10.0.0.0/8 192.168.y.0/24
bind 10.x.x.x:80
bind 10.x.x.x:443 ssl crt /etc/haproxy/crt/mail_domain_com.pem
acl Client_Certificate_Accepted always_true
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff
http-response set-header Strict-Transport-Security max-age=63072000
acl XMail hdr(host) -i mail.domian.com autodiscover.domain.com
http-request tarpit deny_status 404 if !XMail
http-request redirect scheme https code 301 if !{ ssl_fc }
acl XMail_Autodiscover url_beg -i /autodiscover
acl XMail_EAS url_beg -i /microsoft-server-activesync
acl XMail_ECP url_beg -i /ecp
acl XMail_EWS url_beg -i /ews
acl XMail_MAPI url_beg -i /mapi
acl XMail_OAB url_beg -i /oab
acl XMail_OWA url_beg -i /owa
acl XMail_RPC url_beg -i /rpc
acl XMail_PowerShell url_beg -i /powershell
acl XMail_NotAllowed url_beg -i /
use_backend HA_DAG_XMail_Autodiscover if XMail XMail_Autodiscover #(
From_private_network || Client_Certificate_Accepted )
use_backend HA_DAG_XMail_EAS if XMail XMail_EAS
Client_Certificate_Accepted
use_backend HA_DAG_XMail_ECP if XMail XMail_ECP
From_private_network
use_backend HA_DAG_XMail_EWS if XMail XMail_EWS
From_private_network
use_backend HA_DAG_XMail_MAPI if XMail XMail_MAPI
From_private_network
use_backend HA_DAG_XMail_OAB if XMail XMail_OAB
From_private_network
use_backend HA_DAG_XMail_OWA if XMail XMail_OWA
From_private_network Client_Certificate_Accepted
use_backend HA_DAG_XMail_RPC if XMail XMail_RPC
From_private_network
use_backend HA_DAG_XMail_PowerShell if XMail XMail_PowerShell
From_private_network
Regards
Henning
