We switched from Citrix to HAProxy for load balancing recently. The problem is that for some requests HAProxy started giving a 400 error (which used to work well on Citrix). So we moved to TCP-based load balancing from HTTP-based load balancing for the time being. On further investigation we found that some requests had an extra space in the HTTP header, which caused the 400 error.

profileID:value vs profileID:value

And these requests came from the Android app, so we are not able to change the source code. We are trying to move back to HTTP-based load balancing. Is there any config setting that may allow us to ignore the space?

1 Answer

0 votes
HAProxy supports a proxy configuration directive called option accept-invalid-http-request. It relaxes some of the strict protocol compliance that HAProxy correctly requires by default on incoming requests, so it should not be used blindly or carelessly without understanding the implications.

From the documentation:

> By default, HAProxy complies with RFC7230 in terms of message parsing. This means that invalid characters in header names are not permitted and cause an error to be returned to the client. This is the desired behaviour as such forbidden characters are essentially used to build attacks exploiting server weaknesses, and bypass security filtering. Sometimes, a buggy browser or server will emit invalid header names for whatever reason (configuration, implementation) and the issue will not be immediately fixed. In such a case, it is possible to relax HAProxy's header name parser to accept any character even if that does not make sense, by specifying this option. Similarly, the list of characters allowed to appear in a URI is well defined by RFC3986, and chars 0-31, 32 (space), 34 ('"'), 60 ('<'), 62 ('>'), 92 ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete) and anything above are not allowed at all. Haproxy always blocks a number of them (0..32, 127). The remaining ones are blocked by default unless this option is enabled. This option also relaxes the test on the HTTP version, it allows HTTP/0.9 requests to pass through (no version specified) and multiple digits for both the major and the minor version.
>
> This option should never be enabled by default as it hides application bugs and open security breaches. It should only be deployed after a problem has been confirmed.

http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-option%20accept-invalid-http-request (emphasis added)

Adding this option to the respective frontend section of your configuration file should allow these invalid headers to be accepted.

Note that the potential security risks mentioned in the documentation are not risks inherent in HAProxy, but rather risks of exploits against vulnerabilities in your stack behind the proxy -- because normally, HAProxy shields those components from such invalid requests.
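
As an added example (not part of the original answer and not HAProxy's own parser), the following Python sketch checks raw header lines against the RFC 7230 field-name rules the documentation refers to, so you can confirm from a captured request which header is non-compliant before relaxing the proxy. The sample request, host name and header values are constructed; it shows that a space after the colon is legal while a space before the colon or inside the name is not.

```python
import re

# RFC 7230 section 3.2.6: a field-name is a "token" built only from these characters.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def check_header_line(line):
    """Classify one raw header line (CRLF already stripped)."""
    name, sep, _value = line.partition(":")
    if not sep:
        return "no-colon"
    if name == "":
        return "empty-name"
    if name != name.rstrip(" \t"):
        # RFC 7230 section 3.2.4: no whitespace between field-name and colon.
        return "whitespace-before-colon"
    if not TOKEN.fullmatch(name):
        return "invalid-char-in-name"
    return "ok"


def audit_request(raw):
    """Return (line_number, header_line, verdict) for each non-compliant header."""
    head = raw.split("\r\n\r\n", 1)[0]
    header_lines = head.split("\r\n")[1:]  # skip the request line (line 1)
    findings = []
    for number, line in enumerate(header_lines, start=2):
        verdict = check_header_line(line)
        if verdict != "ok":
            findings.append((number, line, verdict))
    return findings


# Constructed sample request; the placement of the space is an assumption,
# so three variants are shown side by side.
SAMPLE = (
    "GET /api/profile HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "profileID: 12345\r\n"   # space after the colon: valid optional whitespace
    "profileID :12345\r\n"   # space before the colon: rejected
    "profile ID:12345\r\n"   # space inside the name: rejected
    "\r\n"
)

if __name__ == "__main__":
    for number, line, verdict in audit_request(SAMPLE):
        print(f"line {number}: {line!r} -> {verdict}")
```
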
