The documentation also says
In HTTP mode, it is possible to rewrite, add or delete some of the request and response headers based on regular expressions. It is also possible to block a request or a response if a particular header matches a regular expression, which is enough to stop most elementary protocol attacks, and to protect against information leak from the internal network. But there is a limitation to this : since HAProxy's HTTP engine does not support keep-alive, only headers passed during the first request of a TCP session will be seen. All subsequent headers will be considered data only and not analyzed. Furthermore, HAProxy never touches data contents, it stops analysis at the end of headers.
The above confuses me about keep-alive. Please suggest if this applies in http mode.
On Wed, Oct 26, 2011 at 6:15 PM, Vincent Bernat <bernat#luffy.cx> wrote:
> OoO En cette nuit nuageuse du jeudi 27 octobre 2011, vers 00:02, Vivek
> Malik <vivek.malik#gmail.com> disait :
>
> > We have been using haproxy in production for around 6 months while
> > using httpclose. We use functions like reqidel, reqadd to manipulate
> > request headers and use_backend to route a request to a specific
> > backend.
>
> > We run websites which often have ajax calls and load javascripts and
> > css files from the server. Thinking about keep alive, I think it
> > would be desired to keep client side keep alive so that they can
> > reuse connections to load images, javascript, css and make ajax calls
> > over it.
>
> > From a haproxy request processing and manipulating perspective, Is
> > there a difference between http-server-close and httpclose? Would
> > reqadd/reqidel/use_backend work on subsequent requests during client
> > side keep alive too?
>
> Yes. From the documentation:
>
> ,----
> | By default HAProxy operates in a tunnel-like mode with regards to
> persistent
> | connections: for each connection it processes the first request and
> forwards
> | everything else (including additional requests) to selected server. Once
> | established, the connection is persisted both on the client and server
> | sides. Use "option http-server-close" to preserve client persistent
> connections
> | while handling every incoming request individually, dispatching them one
> after
> | another to servers, in HTTP close mode. Use "option httpclose" to switch
> both
> | sides to HTTP close mode. "option forceclose" and "option
> | http-pretend-keepalive" help working around servers misbehaving in HTTP
> close
> | mode.
> `----
> --
> Vincent Bernat ☯ http://vincent.bernat.im
>
> Make sure input cannot violate the limits of the program.
> - The Elements of Programming Style (Kernighan & Plauger)
>
Received on 2011/10/27 00:21
This archive was generated by hypermail 2.2.0 : 2011/10/27 00:30 CEST