How can I filter http/1.0 connection


#1

Dear folks,
Now I use haproxy as a reverse proxy server which has a backend with four servers. I found some guys communicating with my servers with http/1.0 connection method. The log info is displayed as follows:

Oct 14 14:56:11 ubuntu-512mb-sfo1-01 haproxy[11514]: 131.135.222.29 proxy-balance/hrunchuun [status:400] (196) {|Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G935F Build/MMB29K)} “CONNECT ipservice.check.com:80 HTTP/1.0”

However, one service (ipservice.check.com) on the servers cannot process http/1.0 connection smoothly. So I want to setup the new service (ipservice.check.com) on a new server to process http/1.0 connections. If a new http/1.0 connections with the new service (ipservice.check.com) is established, I want haproxy send the session to my new server. I’ve created a new ACL rule, but it seems the acl rule doesn’t work as expected. The rule is:

use-server http_1_conn if { hdr_dom(host) -i ipservice.check.com }

Is it because the function hdr_dom doest work with http/1.0 connection? or hdr_dom is not proper for the scenario?

Please give me a hand, thank you very much!


#2

It matches the Host header. If there is no host header, there is nothing to match.

I assume the request doesn’t contain the host header.