Haproxy : tcp-request connection Close the connexion in 60 seconds

i have this haproxy configuration to pass traffic to windows FTP server in backend:

frontend myFTPservice
mode tcp
acl AllowClientIPs src -f /etc/haproxy/clientListIPs.lst
tcp-request connection reject if !AllowClientIPs
option tcplog
default_backend MyBackFTPserver

backend MyBackFTPserver
mode tcp
server serverFTP

This configuration works but the problem is that if i connect (via fileZilla or Winscp) to that FTP using this config , it closes the connexion after 60secondes if no activity …
when i comment the line of " #tcp-request connection…" which mean i allow the access from anywhere to that FTP not from the client ip only , after 60 secondes of no activity the FTP keep open and doesn’t close connection…
is there a way to keep using the “tcp-request connection reject” and avoid that connection close after 60 secondes if no activity ?
ps : i have tried adding server timeout and client timeout to the backend but that didn"t solve the issue.

any idea please ?

I’m unable to reproduce this issue, it works as expected for me.

Please provide the entire configuration, the output of haproxy -vv and the log line in tcplog format of the connection that is getting closed prematurely.

You have specifically configured the timeout to 60 seconds:

timeout client 1m
timeout server 1m

yes but i have another rule for another FTP server on the same config and it doesn’t close connection after 60 secondes if no activity …
by the way i’v tried to add timeout client and server in this FTP with 5m each one , but still closing the conenction after 60secondes if no activity

Haproxy respect timeout client and timeout server, as explained above.

Likely there is activity you are not aware of. Did you capture the both TCP session and check every single packet of it to make sure?

Then something else is still going on, like old haproxy instances still running with the old configuration in the background or a configuration somewhere else overwriting this.

I suggest you double check the configuration, stop haproxy, check if haproxy process are still running and if they are, kill them, and then start haproxy again.

If it still doesn’t work, provide the full configuration and the full log output of the request again.

Thanks a lot Lukas !! it was due to that timeout client and server that i set in the default section.
i increased it to 5min and it is ok now.
but what make this more weird , is that in the same config i have another ftp rule without tcp-request connetion reject … (means it acceptes the traffic from anywhere ) and this FTP doesn’t close after 1min or even 5min after i increased it.

Yes, like I said, probably the sessions are not idling. Unless you capture the traffic on both sides and check every exchanged byte, you will not know.

yes probably thats why
Thanks a lot man !