Apr 20 14:40:14 192.168.102.103 haproxy[8]: 183.191.86.245:32847 [20/Apr/2024:14:40:14.378] newdcs_openretry_9992/1: SSL handshake failure (error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate)
We are experiencing a large number of these requests, causing our bandwidth to spike from 300Mbps to 1Gbps. We know that these requests are coming from Android devices, but we’re not sure why we are seeing this type of alert. It’s possible that we might be under attack by hackers, but we can’t be certain as we are unable to log into these Android devices. This is just our speculation.
haproxy config
global
log /dev/log local0 info
log /dev/log local0 notice
log /dev/log local0 debug
log 192.168.102.139:514 local0
pidfile /tmp/haproxy.pid
stats socket /tmp/haproxy.sock user haproxy group haproxy mode 660 level admin
stats socket ipv4@127.0.0.1:8888 level admin expose-fd listeners
#maxconn 50000
defaults
log global
option tcplog
mode tcp
retries 2
balance roundrobin
option redispatch
option abortonclose
option dontlognull
maxconn 1000000
timeout connect 5s
timeout client 50000
timeout server 50000
timeout client-fin 3s
timeout check 3s
listen newdcs_openretry_9992
bind *:9992 ssl crt /usr/local/etc/haproxy/ssl/_.xxx.certkey
mode http
http-request add-header X-Forwarded-For %[src]
http-request add-header X-Forwarded-Proto https
#option httpchk GET /ping
#http-check expect status 200
server devops-newdcs-nginx-102-104 192.168.102.104:19992 check inter 5000 rise 2 fall 3 weight 6
server devops-newdcs-nginx-102-105 192.168.102.105:19992 check inter 5000 rise 2 fall 3 weight 6
server devops-newdcs-nginx-102-106 192.168.102.106:19992 check inter 5000 rise 2 fall 3 weight 6
server devops-newdcs-nginx-102-107 192.168.102.107:19992 check inter 5000 rise 2 fall 3 weight 6