Re: Re: Help, URL does not work with CHINESE charactor?
It works with "option accept-invalid-http-request". Thanks a lot. Yes, it does not work with IE only. Other web browser is fine. JWD From: Lukas Tribus Date: 2019-12-24 19:31 To: JWD CC: Aleksandar Lazic; haproxy Subject: Re: Re: Help, URL does not work with CHINESE charactor? On Tue, 24 Dec 2019 at 11:46, JWD wrote: > > I have tried version 1.7,1.8,2.0,2.1, all the same. > > Config: > frontend www > acl acl-app hdr(host) -i sharepoint.domain.com > use_backend app if acl-app > backend > cookie HA-Server insert indirect nocache > server app 192.168.129.66:80 cookie app check inter 30s > > Log: > Dec 24 18:37:01 localhost haproxy[20108]: 192.168.134.81 - - > [24/Dec/2019:10:37:01 +] "" 400 0 "" "" 2423 066 "www" "www" > "" -1 -1 -1 -1 0 CR-- 2 2 0 0 0 0 0 "" "" "" "" > > # echo "show errors" | socat unix-connect:/etc/haproxy/hastats stdio > Total events captured on [24/Dec/2019:10:13:18.909] : 3 > > [24/Dec/2019:10:07:53.573] frontend www (#2): invalid request > backend (#-1), server (#-1), event #2 > src 192.168.134.81:3400, session #103, session flags 0x0080 > HTTP msg state MSG_RQURI(4), msg flags 0x, tx flags 0x > HTTP chunk len 0 bytes, HTTP body len 0 bytes > buffer flags 0x20808002, out 0 bytes, total 566 bytes > pending 566 bytes, wrapping at 16384, error at position 109: > > 0 GET > /CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefau > 00070+ lt.aspx?destLink=/CorWork/ProjectShare/\xB8\xC4\xBD\xF8\xCF\xEE\xC4 > 00116+ \xBF/ECM\xD0\xC2\xB9\xA6\xC4\xDC HTTP/1.1\r\n Those are invalid requests, the URL must be encoded. Does IE really still sends this crap after all those years? You can try ignoring this with: option accept-invalid-http-request But it does not ignore everything. See: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4.2-option%20accept-invalid-http-request Lukas
Re: Re: Help, URL does not work with CHINESE charactor?
I have tried version 1.7,1.8,2.0,2.1, all the same. Config: frontend www acl acl-app hdr(host) -i sharepoint.domain.com use_backend app if acl-app backend cookie HA-Server insert indirect nocache server app 192.168.129.66:80 cookie app check inter 30s Log: Dec 24 18:37:01 localhost haproxy[20108]: 192.168.134.81 - - [24/Dec/2019:10:37:01 +] "" 400 0 "" "" 2423 066 "www" "www" "" -1 -1 -1 -1 0 CR-- 2 2 0 0 0 0 0 "" "" "" "" # echo "show errors" | socat unix-connect:/etc/haproxy/hastats stdio Total events captured on [24/Dec/2019:10:13:18.909] : 3 [24/Dec/2019:10:07:53.573] frontend www (#2): invalid request backend (#-1), server (#-1), event #2 src 192.168.134.81:3400, session #103, session flags 0x0080 HTTP msg state MSG_RQURI(4), msg flags 0x, tx flags 0x HTTP chunk len 0 bytes, HTTP body len 0 bytes buffer flags 0x20808002, out 0 bytes, total 566 bytes pending 566 bytes, wrapping at 16384, error at position 109: 0 GET /CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefau 00070+ lt.aspx?destLink=/CorWork/ProjectShare/\xB8\xC4\xBD\xF8\xCF\xEE\xC4 00116+ \xBF/ECM\xD0\xC2\xB9\xA6\xC4\xDC HTTP/1.1\r\n 00138 Accept: text/html, application/xhtml+xml, image/jxr, */*\r\n 00196 Accept-Language: zh-CN\r\n 00220 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; r 00290+ v:11.0) like Gecko\r\n 00310 Accept-Encoding: gzip, deflate\r\n 00342 Host: app.td-tech.com\r\n 00365 Connection: Keep-Alive\r\n 00389 Cookie: HA-Server=app; WSS_FullScreenMode=false; stsSyncAppName=Outloo 00459+ k; stsSyncIconPath=%2F%5Flayouts%2F15%2Fimages%2Fmenuoutl%2Egif; Ribbo 00529+ n.Document=973830|-1|0|-533254637\r\n 00564 \r\n JWD From: Aleksandar Lazic Date: 2019-12-24 17:08 To: JWD; haproxy Subject: Re: Help, URL does not work with CHINESE charactor? Hi JWD. On 24.12.19 02:53, JWD wrote: > Hi,all > I have a backend, which is sharepoint website. > If URL include CHINESE charactor, it return HTTP 400 ERROR from IE 11 with > haproxy. > But it is ok without haproxy. > Can anyone help me? > Thanks. > This can not access, return HTTP 400 ERROR: > http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment > /DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/改进项目/知识管理一期 > 项目/年度评审会 > This is ok, if encode URL: > http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/%e6%94%b9%e8%bf%9b%e9%a1%b9%e7%9b%ae/%e7%9f%a5%e8%af%86%e7%ae%a1%e7%90%86%e4%b8%80%e6%9c%9f%e9%a1%b9%e7%9b%ae/%e5%b9%b4%e5%ba%a6%e8%af%84%e5%ae%a1%e4%bc%9a > > Which haproxy version do you use? haproxy -vv What's in your haproxy log? What's your haproxy config, shorten for the use case. My assumption is that you try to use something like this `option httpchk GET \r\nHost:\ sharepoint.domain.com\r\rn... ` This option sends the URL 1:1 as written in the config, no conversion will be done. Maybe in the future there will be a funtion `url_enc` similar to the url_dec command but for now you will need to encode the URL as you have done. I have created a feature request for url_enc function. https://www.mail-archive.com/haproxy@formilux.org/msg35783.html > JWD Regards Aleks
Help, URL does not work with CHINESE charactor?
Hi,all I have a backend, which is sharepoint website. If URL include CHINESE charactor, it return HTTP 400 ERROR from IE 11 with haproxy. But it is ok without haproxy. Can anyone help me? Thanks. This can not access, return HTTP 400 ERROR: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/改进项目/知识管理一期项目/年度评审会 This is ok, if encode URL: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/%e6%94%b9%e8%bf%9b%e9%a1%b9%e7%9b%ae/%e7%9f%a5%e8%af%86%e7%ae%a1%e7%90%86%e4%b8%80%e6%9c%9f%e9%a1%b9%e7%9b%ae/%e5%b9%b4%e5%ba%a6%e8%af%84%e5%ae%a1%e4%bc%9a JWD
Help, URL does not work with CHINESE charactor?
Hi,all I have a backend, which is sharepoint website. If URL include CHINESE charactor, it return HTTP 400 ERROR from IE 11 with haproxy. But it is ok without haproxy. Can anyone help me? Thanks. This can not access, return HTTP 400 ERROR: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/改进项目/知识管理一期项目/年度评审会 This is ok, if encode URL: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/%e6%94%b9%e8%bf%9b%e9%a1%b9%e7%9b%ae/%e7%9f%a5%e8%af%86%e7%ae%a1%e7%90%86%e4%b8%80%e6%9c%9f%e9%a1%b9%e7%9b%ae/%e5%b9%b4%e5%ba%a6%e8%af%84%e5%ae%a1%e4%bc%9a JWD
How to log %[hdr_ip(X-Forwarded-For,-1)]
Hi,all I want to write %[hdr_ip(X-Forwarded-For,-1)] to log, how to do that? And how to log it with [if] confition? Like set-header below: http-request set-header X-Client-IP %[hdr_ip(X-Forwarded-For,-1)] if !{ hdr(X-Client-IP) -m found } { hdr(X-Forwarded-For) -m found } http-request set-header X-Client-IP %[src] if !{ hdr(X-Client-IP) -m found } !{ hdr(X-Forwarded-For) -m found } Can anyone help me? Thanks. JWD
Re: Re: Is it possible to transfer client ip (src) from ssl:443 to https:8443?
Thanks. I found another very useful way. Since 1.7 version, set-var can be in process scope. In this way, I can set and transfer variables from one front-end to another front-end. JWD From: Aleksandar Lazic Date: 2017-11-19 18:35 To: JWD; haproxy Subject: Re: Is it possible to transfer client ip (src) from ssl:443 to https:8443? Ho JWD -- Originalnachricht -- Von: "JWD" An: "haproxy" Gesendet: 19.11.2017 04:51:05 Betreff: Is it possible to transfer client ip (src) from ssl:443 to https:8443? >client access ssl:443. >https:8443 as backend of ssl:443. > >Is it possible to transfer client ip (src) from ssl:443 to https:8443? >Or transfer a true/false variable, so https:8443 can decide accept or >deny? > >Example: > >frontend https >bind *:8443 ssl crt /etc/haproxy/certs/default >backend https-backend >acl acl-allow-ip src -f /etc/haproxy/acl-allow-ip.txt >acl acl-mydir path_beg -i /mydir >http-request deny if !acl-allow-ip acl-mydir >server 172.31.1.1:8080 > >frontend ssl >bind*:443 >backend ssl-backend >server 127.0.0.1:8443 source 0.0.0.0 > I suggest to use the proxy protocol http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-send-proxy-v2-ssl-cn http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.1-accept-proxy ``` frontend ssl ... server ssl-backend 127.0.0.1:8443 ... send-proxy-v2-ssl-cn backend ssl-backend bind 127.0.0.1:8443 ... accept-proxy ``` > >JWD Regards Aleks
Is it possible to transfer client ip (src) from ssl:443 to https:8443?
client access ssl:443. https:8443 as backend of ssl:443. Is it possible to transfer client ip (src) from ssl:443 to https:8443? Or transfer a true/false variable, so https:8443 can decide accept or deny? Example: frontend https bind *:8443 ssl crt /etc/haproxy/certs/default backend https-backend acl acl-allow-ip src -f /etc/haproxy/acl-allow-ip.txt acl acl-mydir path_beg -i /mydir http-request deny if !acl-allow-ip acl-mydir server 172.31.1.1:8080 frontend ssl bind*:443 backend ssl-backend server 127.0.0.1:8443 source 0.0.0.0 JWD
How to control traffic like linux TC, instead of reject it?
There is many flash in my website, but bandwith is low. If one or two people download flash, then others can not visit the website. How to control traffic like linux TC, instead of reject it? I can not find a way to limite rate by per client with TC. Can anyone give me some tips? Thanks. -- JWD
How to control traffic like linux TC, instead of reject it?
There is many flash in my website, but bandwith is low. If one or two people download flash, then others can not visit the website. How to control traffic like linux TC, instead of reject it? I can not find a way to limite rate by per client with TC. Can anyone give me some tips? Thanks. -- JWD
Is it possible to use backend server 127.0.0.1 with TProxy?
TProxy does not work in this case: server local-server 127.0.0.1 source 0.0.0.0 usesrc clientip I have to delete "usesrc clientip", but then I can not see "clientip". Is it possible to use backend server 127.0.0.1 with TProxy? Or any other function to make it work with backend server 127.0.0.1? -- JWD
Is it possible to use backend server 127.0.0.1 with TProxy?
TProxy does not work in this case: server local-server 127.0.0.1 source 0.0.0.0 usesrc clientip I have to delete "usesrc clientip", but then I can not see "clientip". Is it possible to use backend server 127.0.0.1 with TProxy? Or any other function to make it work with backend server 127.0.0.1? -- JWD
subscribe
-- JWD