HAProxy community

[SOLVED] "Backend" leaks between frontend's acl in massive hosting (2.0.15)

Hello all,

First thank you for such nice piece of software and the documentation :slight_smile:

I am using haproxy in massive hosting environment, as one of the components of an infrastructure I am involved with (I can share some more info if you want :slight_smile: ).

Anyway, my haproxy.cfg looks more or less like this:

  pidfile haproxy.pid

log rsyslogd.socket local0
  log global
  mode http
  option httplog
  timeout queue 60s
  timeout server 600s
  timeout client 600s
  timeout connect 5s
  retries 3

frontend http
  bind ipv4:<port>

  acl is_host-NNN hdr_dom(host) -i host_NNN.example.com
  use_backend host_NNN-backend if is_host-NNN

backend host-NNN-backend
  timeout server 600s
  timeout connect 5s
  retries 3
  server backend <ipv6-XXX>

Where NNN is in range <0000-9999> (currently I have more than 3000 entries).

If haproxy is run with such configuration in real environment I realised that if I connect to host-123, for which server's is down defined in host-123-backend I receive response from another random backend in the configuration. I see that, as I expect to have 503 from haproxy, but I have 401 or 200 from other backend (which varies on each request).

When I try to reproduce this problem in other environment, all works fine in such case (I got 503), but as soon as I am not starting to connect to other hosts (I am using curl with --resolve in a loop), then I have the problem.

If the backend is up, all responses are correct. I feel that I have problem in my configuration, thatโ€™s why I held myself with adding bug in the haproxy issue tracker.

Do you have something to comment about?

I am using haproxy version 2.0.15

Note/SOLVED: Just tried with 2.0.17 and I do not have the problem anymore, but reading http://www.haproxy.org/download/2.0/src/CHANGELOG gives me no clue about which bugfix is thatโ€ฆ Would it be BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received?