Re: Re: Help, URL does not work with CHINESE charactor?
Hi! On Tue, Dec 24, 2019 at 07:59:25PM +0800, JWD wrote: > It works with "option accept-invalid-http-request". > Thanks a lot. > > Yes, it does not work with IE only. > Other web browser is fine. I already noticed this behaviour with very old versions of IE in the past, it would do this on redirects: if the server sends binary characters in a redirect, then it would follow them without re-encoding them. I didn't know that more recent versions would still do this mistake. I strongly suspect that your application is the one producing such wrong links and that IE blindly follows them. You must really have a look there and fix the application. Each time you enable "option accept-invalid-something" it must be understood as a final warning for something deemed to fail sooner or later. Willy
Re: Re: Help, URL does not work with CHINESE charactor?
It works with "option accept-invalid-http-request". Thanks a lot. Yes, it does not work with IE only. Other web browser is fine. JWD From: Lukas Tribus Date: 2019-12-24 19:31 To: JWD CC: Aleksandar Lazic; haproxy Subject: Re: Re: Help, URL does not work with CHINESE charactor? On Tue, 24 Dec 2019 at 11:46, JWD wrote: > > I have tried version 1.7,1.8,2.0,2.1, all the same. > > Config: > frontend www > acl acl-app hdr(host) -i sharepoint.domain.com > use_backend app if acl-app > backend > cookie HA-Server insert indirect nocache > server app 192.168.129.66:80 cookie app check inter 30s > > Log: > Dec 24 18:37:01 localhost haproxy[20108]: 192.168.134.81 - - > [24/Dec/2019:10:37:01 +] "" 400 0 "" "" 2423 066 "www" "www" > "" -1 -1 -1 -1 0 CR-- 2 2 0 0 0 0 0 "" "" "" "" > > # echo "show errors" | socat unix-connect:/etc/haproxy/hastats stdio > Total events captured on [24/Dec/2019:10:13:18.909] : 3 > > [24/Dec/2019:10:07:53.573] frontend www (#2): invalid request > backend (#-1), server (#-1), event #2 > src 192.168.134.81:3400, session #103, session flags 0x0080 > HTTP msg state MSG_RQURI(4), msg flags 0x, tx flags 0x > HTTP chunk len 0 bytes, HTTP body len 0 bytes > buffer flags 0x20808002, out 0 bytes, total 566 bytes > pending 566 bytes, wrapping at 16384, error at position 109: > > 0 GET > /CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefau > 00070+ lt.aspx?destLink=/CorWork/ProjectShare/\xB8\xC4\xBD\xF8\xCF\xEE\xC4 > 00116+ \xBF/ECM\xD0\xC2\xB9\xA6\xC4\xDC HTTP/1.1\r\n Those are invalid requests, the URL must be encoded. Does IE really still sends this crap after all those years? You can try ignoring this with: option accept-invalid-http-request But it does not ignore everything. See: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4.2-option%20accept-invalid-http-request Lukas
Re: Re: Help, URL does not work with CHINESE charactor?
On Tue, 24 Dec 2019 at 11:46, JWD wrote: > > I have tried version 1.7,1.8,2.0,2.1, all the same. > > Config: > frontend www > acl acl-app hdr(host) -i sharepoint.domain.com > use_backend app if acl-app > backend > cookie HA-Server insert indirect nocache > server app 192.168.129.66:80 cookie app check inter 30s > > Log: > Dec 24 18:37:01 localhost haproxy[20108]: 192.168.134.81 - - > [24/Dec/2019:10:37:01 +] "" 400 0 "" "" 2423 066 "www" "www" > "" -1 -1 -1 -1 0 CR-- 2 2 0 0 0 0 0 "" "" "" "" > > # echo "show errors" | socat unix-connect:/etc/haproxy/hastats stdio > Total events captured on [24/Dec/2019:10:13:18.909] : 3 > > [24/Dec/2019:10:07:53.573] frontend www (#2): invalid request > backend (#-1), server (#-1), event #2 > src 192.168.134.81:3400, session #103, session flags 0x0080 > HTTP msg state MSG_RQURI(4), msg flags 0x, tx flags 0x > HTTP chunk len 0 bytes, HTTP body len 0 bytes > buffer flags 0x20808002, out 0 bytes, total 566 bytes > pending 566 bytes, wrapping at 16384, error at position 109: > > 0 GET > /CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefau > 00070+ lt.aspx?destLink=/CorWork/ProjectShare/\xB8\xC4\xBD\xF8\xCF\xEE\xC4 > 00116+ \xBF/ECM\xD0\xC2\xB9\xA6\xC4\xDC HTTP/1.1\r\n Those are invalid requests, the URL must be encoded. Does IE really still sends this crap after all those years? You can try ignoring this with: option accept-invalid-http-request But it does not ignore everything. See: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4.2-option%20accept-invalid-http-request Lukas
Re: Re: Help, URL does not work with CHINESE charactor?
I have tried version 1.7,1.8,2.0,2.1, all the same. Config: frontend www acl acl-app hdr(host) -i sharepoint.domain.com use_backend app if acl-app backend cookie HA-Server insert indirect nocache server app 192.168.129.66:80 cookie app check inter 30s Log: Dec 24 18:37:01 localhost haproxy[20108]: 192.168.134.81 - - [24/Dec/2019:10:37:01 +] "" 400 0 "" "" 2423 066 "www" "www" "" -1 -1 -1 -1 0 CR-- 2 2 0 0 0 0 0 "" "" "" "" # echo "show errors" | socat unix-connect:/etc/haproxy/hastats stdio Total events captured on [24/Dec/2019:10:13:18.909] : 3 [24/Dec/2019:10:07:53.573] frontend www (#2): invalid request backend (#-1), server (#-1), event #2 src 192.168.134.81:3400, session #103, session flags 0x0080 HTTP msg state MSG_RQURI(4), msg flags 0x, tx flags 0x HTTP chunk len 0 bytes, HTTP body len 0 bytes buffer flags 0x20808002, out 0 bytes, total 566 bytes pending 566 bytes, wrapping at 16384, error at position 109: 0 GET /CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefau 00070+ lt.aspx?destLink=/CorWork/ProjectShare/\xB8\xC4\xBD\xF8\xCF\xEE\xC4 00116+ \xBF/ECM\xD0\xC2\xB9\xA6\xC4\xDC HTTP/1.1\r\n 00138 Accept: text/html, application/xhtml+xml, image/jxr, */*\r\n 00196 Accept-Language: zh-CN\r\n 00220 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; r 00290+ v:11.0) like Gecko\r\n 00310 Accept-Encoding: gzip, deflate\r\n 00342 Host: app.td-tech.com\r\n 00365 Connection: Keep-Alive\r\n 00389 Cookie: HA-Server=app; WSS_FullScreenMode=false; stsSyncAppName=Outloo 00459+ k; stsSyncIconPath=%2F%5Flayouts%2F15%2Fimages%2Fmenuoutl%2Egif; Ribbo 00529+ n.Document=973830|-1|0|-533254637\r\n 00564 \r\n JWD From: Aleksandar Lazic Date: 2019-12-24 17:08 To: JWD; haproxy Subject: Re: Help, URL does not work with CHINESE charactor? Hi JWD. On 24.12.19 02:53, JWD wrote: > Hi,all > I have a backend, which is sharepoint website. > If URL include CHINESE charactor, it return HTTP 400 ERROR from IE 11 with > haproxy. > But it is ok without haproxy. > Can anyone help me? > Thanks. > This can not access, return HTTP 400 ERROR: > http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment > /DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/改进项目/知识管理一期 > 项目/年度评审会 > This is ok, if encode URL: > http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/%e6%94%b9%e8%bf%9b%e9%a1%b9%e7%9b%ae/%e7%9f%a5%e8%af%86%e7%ae%a1%e7%90%86%e4%b8%80%e6%9c%9f%e9%a1%b9%e7%9b%ae/%e5%b9%b4%e5%ba%a6%e8%af%84%e5%ae%a1%e4%bc%9a > > Which haproxy version do you use? haproxy -vv What's in your haproxy log? What's your haproxy config, shorten for the use case. My assumption is that you try to use something like this `option httpchk GET \r\nHost:\ sharepoint.domain.com\r\rn... ` This option sends the URL 1:1 as written in the config, no conversion will be done. Maybe in the future there will be a funtion `url_enc` similar to the url_dec command but for now you will need to encode the URL as you have done. I have created a feature request for url_enc function. https://www.mail-archive.com/haproxy@formilux.org/msg35783.html > JWD Regards Aleks
Re: Help, URL does not work with CHINESE charactor?
Hi JWD. On 24.12.19 02:53, JWD wrote: Hi,all I have a backend, which is sharepoint website. If URL include CHINESE charactor, it return HTTP 400 ERROR from IE 11 with haproxy. But it is ok without haproxy. Can anyone help me? Thanks. This can not access, return HTTP 400 ERROR: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment /DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/改进项目/知识管理一期 项目/年度评审会 This is ok, if encode URL: http://sharepoint.domain.com/CorWork/_layouts/15/TD.ECM.DoucmentDepartment/DepartmentFileDefault.aspx?destLink=/CorWork/ProjectShare/%e6%94%b9%e8%bf%9b%e9%a1%b9%e7%9b%ae/%e7%9f%a5%e8%af%86%e7%ae%a1%e7%90%86%e4%b8%80%e6%9c%9f%e9%a1%b9%e7%9b%ae/%e5%b9%b4%e5%ba%a6%e8%af%84%e5%ae%a1%e4%bc%9a Which haproxy version do you use? haproxy -vv What's in your haproxy log? What's your haproxy config, shorten for the use case. My assumption is that you try to use something like this `option httpchk GET \r\nHost:\ sharepoint.domain.com\r\rn... ` This option sends the URL 1:1 as written in the config, no conversion will be done. Maybe in the future there will be a funtion `url_enc` similar to the url_dec command but for now you will need to encode the URL as you have done. I have created a feature request for url_enc function. https://www.mail-archive.com/haproxy@formilux.org/msg35783.html JWD Regards Aleks
