Hello everyone!
Hope you’re all having an incredible day! (not me unfortunately)
I’m currently seeking for help on one issue that we’re facing with our setup on HAProxy. Here’s the situation:
- We recently upgraded our HAProxy to version 2.0.31 as part of the security requirements, no other changes on our infrastructure.
- Previously we were able to reach our backend API at https://example.com/api (via HAProxy of course) and now we’ve got error “400 Bad Request”.
curl --insecure https://example.com/api
<H1>400 Bad Request</H1>
However, the strange thing is when we pass in the header “User-Agent” to the request, no error 400 is returned
curl --insecure -H "User-Agent:*" https://example.com/api
<FORM METHOD=POST autocomplete=new-password style="max-width:300px;margin:auto"><HEAD><TITLE>Authorization Required</TITLE></HEAD><H2>Authorization Required!</H2><label for=user>Username</label><br><input id=user name=username type=text><br><label for=pass>Password</label><br><input id=pass name=password type=password><br><INPUT TYPE=HIDDEN NAME=csrf_token VALUE="79a404327c6afb987b894ff339faab0e277688be">
<INPUT TYPE=submit VALUE=submit>
</FORM>
- With that being said, I’m attaching the config of our setup as below:
–
frontend front_PROD
log-format “%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r”
mode http
bind 10.10.0.219:443 ssl crt /etc/haproxy/certificates/
maxconn 80000
timeout connect 1800s
–
acl acl_examplecom hdr(host) -i example.com
–
backend back_examplecom
mode http
http-request set-header User-Agent %[hdr(User-Agent)]
server srv_examplecom 10.10.0.1:443 check ssl verify none sni ssl_fc_sni
–
use_backend back_examplecom if acl_examplecom
I’d appreciate so much if you have any ideas on this. Thank you in advance for checking this out.
Best regards,
Son.