HAProxy issue with FireFox

gommox

Hello all.

I'm experiencing a very strange problem with FireFox browsers and my PFSense 2.0.1 box.

Network is configured as follow:

NIC_1=LAN
NIC_2=WAN
NIC_3=DMZ
NIC_4=Internet Gateway 1 (with dedicated line and static public IP)
NIC_5=ADSL backup line

Servers are of course on DMZ. Web Servers are 2 machines that run Apache 2.2.

On server_1 there are 5 websites, on server_2 there are 3 websites.

I configured HAProxy with 1 frontend and 2 servers. Connecting from internal LAN to DMZ all works because nothing passes thru proxy; when I connect from Internet to DMZ, I experience the issue with FireFox:

Scenario of the sites is:

http://www.site_1.com -> on server_1
http://www.site_2.com -> on server_1
http://www.site_3.com -> on server_1
http://www.site_4.com ->on server_2
http://www.site_5.com -> on server_2

With IE and Chrome, except site_3, all sites reach correct destination, and all seems to work fine; with Firefox, instead, it happens the following:

http://www.site_1.com -> it goes on server_2, showing the default apache webpage "it works"
http://www.site_4.com -> It goes on server_1, showing the default apache webpage "it works"
The same with other websites.

I don't understand how it can happen. To HAProxy is assigned a Virtual IP created as CARP type (as recomended in another post here in the forum). I attach here the configuration generated by PFSense GUI:

global
	maxconn			9999999
	uid			80
	gid			80
	nbproc			4
	chroot			/var/empty
	daemon

listen Server1
	bind			192.168.2.5:80
	cookie SERVERID insert indirect
        httpchk HEAD /index.html HTTP/1.0
	mode			http
	log			global
	option			dontlognull
	option			httpclose
	option			forwardfor
	maxconn			10000
	clitimeout		30000
	balance			roundrobin
	contimeout		60000
	srvtimeout		60000
	retries			3
	option			httpchk HEAD / HTTP/1.0
	stats			enable
	stats			uri /haproxy?stats 
	stats			realm Haproxy\ Statistics
	stats			auth
	stats			refresh 5
	server			Server_1 192.168.2.31:80  cookie server1   check inter 1000 weight 1
	server			Server_2 192.168.2.40:80  cookie DEV_Server   check inter 1000 weight 1

I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong?

Where I can check for this strange issue with FireFox? I'm becoming crazy to find the cause, but I don't found nothing yet. I hope that someone can help me.

Thanks in advance.

marcelloc

@gommox:

I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong?

That's the point, haproxy balance based on ip addresses not based on host names.

If you need hostname balance, then you need to use varnish or apache2+mod_security

take a look on package description to choose between both.

I prefer varnish  ;)