HTX (http-use-htx) and represention of HTTP headers

emilwojcik93 · March 11, 2022, 11:02am

Hello,

I’ve got a problem with upgrade HAproxy in my envinronment.

After upgrade from HAproxy v.1.9.x to v.2.4.x, I noticed that HTTP response was changed:

HTTP response from new version HAproxy:


> Content-Length: 17730

>

* upload completely sent off: 17730 out of 17730 bytes

* Mark bundle as not supporting multiuse

< HTTP/1.1 201

HTTP/1.1 201

< location: http://HOST:PORT/SOME/URI

location: http://HOST:PORT/SOME/URI

< content-length: 0

content-length: 0

< date: Tue, 08 Mar 2022 12:10:58 GMT

date: Tue, 08 Mar 2022 12:10:58 GMT<

* Connection #0 to host HOST left intact

HTTP response from old version HAproxy:


> Content-Length: 17730

>

* upload completely sent off: 17730 out of 17730 bytes

* Mark bundle as not supporting multiuse

< HTTP/1.1 201

HTTP/1.1 201

< Location: http://HOST:PORT/SOME/URI

Location: http://HOST:PORT/SOME/URI

< Content-Length: 0

Content-Length: 0

< Date: Tue, 08 Mar 2022 12:11:54 GMT

Date: Tue, 08 Mar 2022 12:11:54 GMT<

* Connection #0 to host HOST left intact

Like you see headers from new version of HAproxy are writter in lower-case and some apps (parsers) in my envinroment are case-sensitive.

To resolve this issue I was trying to add no option http-use-htx to my config but this doesn’t work for HAproxy v.2.x Since the version 2.0-dev3, the HTX is the default mode


[WARNING] (23) : parsing [/opt/haproxy/config/haproxy.cfg:16]: option 'http-use-htx' is deprecated and ignored. The HTX mode is now the only supported mode.

So I was able to rewrite specific headers using h1-case-adjust:

global
  h1-case-adjust content-length Content-Length
  h1-case-adjust location Location
  h1-case-adjust date Date

frontend proxy
  option h1-case-adjust-bogus-client

But this solution it’s not enough for me because I don’t know every header that is used in my envinroment and I don’t want to rewirte every problematic HTTP header in HAproxy config file.

Could you tell me is there any other solution that will make HTTP headers in old (traditional) HTTP representation?

Best regards,

emilwojcik93

lukastribus · March 11, 2022, 3:06pm

In HTTP2 all headers are lowercase/binary, this information is gone.

And haproxy cannot possibly know if x-private-header should be X-PRIVATE-Header or X-pRiVaTe-hEader .

The long term solution to this is to make servers and clients HTTP compliant.

capflam · March 11, 2022, 4:10pm

As a workaround you can define a mapping using h1-case-adjust or h1-case-adjust--file global options. Then you can set h1-case-adjust-bogus-client option in your frontend sections and h1-case-adjust-bogus-server option in your backend sections

But I agree with Lukas. The best is to update your apps to be HTTP compliant.

lukastribus · March 11, 2022, 8:38pm

@capflam he already does that, but he doesn’t want to predict all the header names.

But its either that or fixing the real problem.

With HTX mode, everything is HTTP version agnostic. This requires HTTP compliant user-agents:

Just as in HTTP/1.x, header field names are strings of ASCII
characters that are compared in a case-insensitive fashion.  However,
header field names MUST be converted to lowercase prior to their
encoding in HTTP/2.

lukastribus · March 22, 2022, 12:42pm

Also see:

github.com/haproxy/haproxy

Preserve Header Capitalisation for HTTP/1.1

opened 08:33AM - 21 Mar 22 UTC

closed 08:26AM - 25 Mar 22 UTC

VigneshSP94

type: feature

### Your Feature Request A global option to preserve the header capitalisation …for HTTP/1.1 ### What are you trying to do? We have a load of applications that expects the header to be same as sent by the server, by default haproxy lowercases the header names and provides `h1-case-adjust` option to preserve the capitals of know headers, but this doesn't work for headers that are unknown. ### Output of `haproxy -vv` ```plain HAProxy version 2.4.10-bedf277 2021/12/23 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2026. Known bugs: http://www.haproxy.org/bugs/bugs-2.4.10.html Running on: Linux 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018 x86_64 Build options : TARGET = linux-glibc CPU = generic CC = cc CFLAGS = -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference OPTIONS = USE_PCRE=1 USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_PROMEX=1 DEBUG = Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC +PROMEX -MEMORY_PROFILING Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=8). Built with OpenSSL version : OpenSSL 1.1.1h 22 Sep 2020 Running on OpenSSL version : OpenSSL 1.1.1h 22 Sep 2020 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with the Prometheus exporter as a service Built with network namespace support. Built with zlib version : 1.2.11 Running on zlib version : 1.2.11 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.39 2016-06-14 Running on PCRE version : 8.39 2016-06-14 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with gcc compiler version 7.3.0 Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|CLEAN_ABRT|HOL_RISK|NO_UPG fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG <default> : mode=HTTP side=FE|BE mux=H1 flags=HTX h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG <default> : mode=TCP side=FE|BE mux=PASS flags= none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG Available services : prometheus-exporter Available filters : [SPOE] spoe [CACHE] cache [FCGI] fcgi-app [COMP] compression [TRACE] trace ```

Topic		Replies	Views
HAProxy 2.0.0 header Help!	5	5756	June 17, 2019
Preserve header capitalisation Help!	4	2188	March 22, 2022
2.8.x to 2.9 Sudden 411 issues Help!	5	435	December 18, 2023
Convert header names to lowercase Help!	2	629	August 14, 2019
Content-Type Header with HAPRoxy 2.1.10 Help!	1	661	May 19, 2021

HTX (http-use-htx) and represention of HTTP headers

Related Topics