最近把公司的haproxy1.4.18升级到了1.5.15,安全规则更多更灵活.
但是今天发现一个新问题,就是用IE浏览器访问公司网站的时候,凡是url传输中文参数时,就返回"该网页无法显示,请检查网络或dns".用火狐,谷歌浏览器都没有问题.
例如:
http://mydomain?=中国
实际上这IE的一个bug,一些典型的非US-ASCII编码的头名会被过滤掉.技术支持还是蛮好的.说是很快就有1.5.16后续版本来解决问题,
解决办法:
1,回到1.4的稳定版.
但是部分好用的安全规则在1.4无法启用.
2,在lisent应用组里加入"option accept-invalid-http-request",重启haproxy即可.
3,等待更新的版本.
以下是原haproxy开发者回复的邮件内容:
OK I could reproduce it, this is always the same MSIE bug, it forgets
to correctly encode data in the query string :
You can see them by issuing "show errors" on the stats socket :
As you can see, it is sending raw bytes in the request, which is strictly
forbidden in HTTP. Note that if my memory serves me right, it does not
decide to do this by itself, it just replays what the application sent
to it, so it is possible that your application forgets to correctly url-
encode the field in a url that was produced.
While you're investigating, you can bypass the issue by using :
option accept-invalid-http-request
Note, I am seeing that the request is now blocked upstream so I'm assuming
you're running the same version on your production servers and that it
rejected the request too.
So please use the option above, it works around the MSIE bug.
Regards,
Willy
信2,
OK. There were several bugs fixed since 1.5-dev15, you should upgrade to
the latest snapshot on the website to keep safe. I intend to release dev16
today, so you can also wait a few hours. But I would feel better if you
would at least upgrade to one of these versions.
本文转自 idyllic_cyty 51CTO博客,原文链接:http://blog.51cto.com/aizzw/1098336
