haproxy1.5.15代理下,使用IE訪問url裏傳輸中文參數時錯誤解決辦法.

 最近把公司的haproxy1.4.18升級到了1.5.15,安全規則更多更靈活.

可是今天發現一個新問題,就是用IE瀏覽器訪問公司網站的時候,凡是url傳輸中文參數時,就返回"該網頁沒法顯示,請檢查網絡或dns".用火狐,谷歌瀏覽器都沒有問題.

例如:

http://mydomain?=中國

 

實際上這IE的一個bug,一些典型的非US-ASCII編碼的頭名會被過濾掉.技術支持仍是蠻好的.說是很快就有1.5.16後續版原本解決問題,

 

解決辦法:

1,回到1.4的穩定版.

可是部分好用的安全規則在1.4沒法啓用.

2,在lisent應用組裏加入"option accept-invalid-http-request",重啓haproxy便可.

3,等待更新的版本.

如下是原haproxy開發者回覆的郵件內容:

 

OK I could reproduce it, this is always the same MSIE bug, it forgets
to correctly encode data in the query string :

You can see them by issuing "show errors" on the stats socket :

As you can see, it is sending raw bytes in the request, which is strictly
forbidden in HTTP. Note that if my memory serves me right, it does not
decide to do this by itself, it just replays what the application sent
to it, so it is possible that your application forgets to correctly url-
encode the field in a url that was produced.

While you're investigating, you can bypass the issue by using :

  option accept-invalid-http-request

Note, I am seeing that the request is now blocked upstream so I'm assuming
you're running the same version on your production servers and that it
rejected the request too.

So please use the option above, it works around the MSIE bug.

Regards,
Willy

 

信2,

OK. There were several bugs fixed since 1.5-dev15, you should upgrade to

the latest snapshot on the website to keep safe. I intend to release dev16

today, so you can also wait a few hours. But I would feel better if you

would at least upgrade to one of these versions.