Re: [icinga-users] Anyone using haproxy | icinga2 api and X-HTTP-Method-Override

Tue, 07 Feb 2017 05:34:33 -0800 

I forgot to mention that it does work in TCP mode, what I want to achieve is in 
HTTP mode so that more feature of haproxy can be used ( inspection )



--
Pascal Larivée

iWeb

Hello,

seems like Haproxy does not like having the X-HTTP-Method-Override sent to it, 
( 400 Bad Request ).   Anyone have use Haproxy and method-override ? I can't 
find anything on google ( except that method-override is the devil.... ) and 
haproxy docs.  The debug from the error:

[07/Feb/2017:12:52:01.570] frontend API_CORE_FRONTEND (#2): invalid request
  backend <NONE> (#-1), server <NONE> (#-1), event #5
  src 172.xxx.xxx.xxx:51568, session #9, session flags 0x00000080
  HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000
  HTTP chunk len 0 bytes, HTTP body len 0 bytes
  buffer flags 0x00808002, out 0 bytes, total 352 bytes
  pending 352 bytes, wrapping at 16384, error at position 120:

  00000  POST /v1/objects/hosts HTTP/1.1\r\n
  00033  Authorization: Basic XXXXXXXXXXX=\r\n
  00072  Accept: application/json\r\n
  00098  X-HTTP-Method-Override : GET\r\n
  00128  Content-Type: application/json\r\n
  00160  Host: api.xxxxx.staging.xxxxx.org:5665\r\n
  00211  Connection: close\r\n
  00230  User-Agent: Paw/2.3.1 (Macintosh; OS X/10.11.6) GCDHTTPRequest\r\n
  00294  Content-Length: 36\r\n
  00314  \r\n
  00316  {"attrs":["host.name","host.state"]}

I'm using Haproxy to be in front of the api for external ressources ( meaning 
other things that are not core to Icinga like satellite servers, etc... ) like 
a tool to fetch info and display it somewhere else.
I don't do passthrough because the inhouse tools need ssl certs that are 
accepted by most of the framework/os  ( using incinga own CA for the complete 
icinga2 infra )

the tools do use filters and long list of things that cannot be fitted inside 
the normal GET request ( hence the use of POST and method-override )

Haproxy is also use has a basic WAF to protect.

I do have some work around in mind like adding the header after the intial 
request with set-header but that would mean the software won't be standard to 
the APi documentation ( someone would have to know that haproxy is there that 
is why that POST to fetch things does not have the GET override. )



--
Pascal Larivée

iWeb

_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users

Reply via email to