400-Bad-request responses (possibly due to failing authority validation)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
haproxy (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Lena Voytek | ||
Kinetic |
Fix Released
|
Undecided
|
Lena Voytek |
Bug Description
We recently upgraded all our proxy servers (running squid and haproxy) to Ubuntu 22.04.2 LTS after a squid bug was resolved (ubuntu/
In particular we have found that setting the proxy in Windows to the haproxy port (8080) on the server it seems to work fine for all modern browsers but older browsers (including IE) fail, as too does SQL Server 2017, Visual Studio 2017, and Maltego 4.3.0. When they fail they report they are unable to access the servers on the internet, which is necessary for them to do things like register/
(As an aside, we are not able to upgrade the individual pieces of software for two reasons, the first is that they are specific versions referenced & required for use, and secondly there are too many different instances of software, across multiple OSes, to catch them all.)
We have a workaround in place but I believe it is appropriate to report here so that it can be updated & patched if deemed suitable.
The workaround is adding the following to our haproxy.cfg:
option accept-
The version of haproxy in the latest LTS release of Ubuntu (22.04.2 LTS) is 2.4.18-0ubuntu1.2 and our investigations lead us to believe that this is due to a known bug in this version (which is where we discovered the wrkaround), as seen here: https:/
This bug has been patched in later versions of haproxy with this commit: https:/
We are able to spin up additional servers to test with PPA releases if this would help, as I did for the aforementioned squid bug.
Please let me know if more information would be hlepful.
Segments of apport included below, but I can provide the full file (with some redactions for security/privacy) if necessary.
== ApportVersion =======
2.20.11-0ubuntu82.3
== Architecture =======
amd64
== CasperMD5CheckR
pass
== Date =======
Thu Mar 30 11:03:12 2023
== DistroRelease =======
Ubuntu 22.04
== InstallationDate =======
Installed on 2021-11-22 (492 days ago)
== InstallationMedia =======
Ubuntu-Server 20.04.3 LTS "Focal Fossa" - Release amd64 (20210824)
== Package =======
haproxy 2.4.18-0ubuntu1.2
== PackageArchitecture =======
amd64
== ProblemType =======
Bug
== ProcVersionSign
Ubuntu 5.15.0-
== SourcePackage =======
haproxy
== Tags =======
jammy uec-images
== Uname =======
Linux 5.15.0-67-generic x86_64
== UpgradeStatus =======
Upgraded to jammy on 2023-02-24 (33 days ago)
Changed in haproxy (Ubuntu Jammy): | |
assignee: | nobody → Lena Voytek (lvoytek) |
Changed in haproxy (Ubuntu Kinetic): | |
assignee: | nobody → Lena Voytek (lvoytek) |
Thank you for the bug report. I created a PPA based on the upstream information you provided, located here: https:/ /launchpad. net/~lvoytek/ +archive/ ubuntu/ haproxy- fix-bad- request- responses
It is based on the commits:
https:/ /github. com/haproxy/ haproxy/ commit/ 3f5fbe940733bba 84b5ee875af5b13 aa3144aa41 /github. com/haproxy/ haproxy/ commit/ 658f971621839f3 b928da099dfe309 2b47cbc958 /github. com/haproxy/ haproxy/ commit/ ca7218aaf073627 b665459bd881b2b 35a481602a
https:/
https:/
If you would like to test it with 22.04 you can run:
sudo add-apt-repository ppa:lvoytek/ haproxy- fix-bad- request- responses
sudo apt update
sudo apt upgrade
This should affect kinetic too, but the fix has been added to lunar. I'll mark the bug info as such