RequestURI Difference between HAP 1.7 and 2.0.8

Help!
1

We’ve just upgraded from HAP 1.7 to 2.0.8 and a small percentages of our requests have started failing. After a TCP Dump, we noticed that the Request URL was:

GET https://redacted.host:443/ HTTP1/1\r\n
Host: redacted.host

These requests were returning a 400 Bad Request, but on 1.7 they worked just fine. So I broke out telnet and tried it manually.

FYI I had to remove the // from the URL’s in the RequestURI to pass the inspection of the post, it thought I was trying to share URL’s.

HAProxy 2.0.8 with 443 in Request URI

Connected to 192.168.0.1.
Escape character is '^]'.
GET  https: redacted.host:443/ HTTP/1.1
Host: redacted.host

HTTP/1.1 400 Bad request
content-length: 90
cache-control: no-cache
content-type: text/html
connection: close

HAP 2.0.8 Without :443 in RequestURI

Connected to 192.168.0.1
Escape character is '^]'.
GET  https: redacted.host/ HTTP/1.1
Host: redacted.host

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://redacted.host/

HAproxy 1.7 Host (Both work, not going to bother posting both results)

Connected to 192.168.0.2
Escape character is '^]'.
GET  https: redacted.host:443/ HTTP/1.1
Host: redacted.host

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://redacted.host/

The configurations are basically the same, but this one type of request is failing. Does anyone know a potential change between 1.7 and 2.0 that could cause this? Setting change? Anything?

2

In 2.0 with the default HTX mode, all those code paths have changed completely.

The issue is probably about the missing port in the Host header.

Try to add :443 to it and check if that still happens. Use option accept-invalid-http-request in the frontend to workaround.

3

Yea, that appears to be exactly the problem. Though we are seeing if we can remove the port form the URI as Google (the GLB) or something seems to be stripping the :443 from the Host header.

Thanks a lot!!

4

taken in consideration that i had a similar question as OP, thanks a lot for your help. i needed it for my project hgh side effects. will try later. thanks a lot for now.