HAProxy issue with FireFox



  • Hello all.

    I'm experiencing a very strange problem with Firefox browsers and my pfSense 2.0.1 box.

    The network is configured as follows:

    NIC_1=LAN
    NIC_2=WAN
    NIC_3=DMZ
    NIC_4=Internet Gateway 1 (with dedicated line and static public IP)
    NIC_5=ADSL backup line

    Servers are of course on DMZ. Web Servers are 2 machines that run Apache 2.2.

    On server_1 there are 5 websites, on server_2 there are 3 websites.

    I configured HAProxy with 1 frontend and 2 servers. Connecting from the internal LAN to the DMZ, everything works because nothing passes through the proxy; when I connect from the Internet to the DMZ, I experience the issue with Firefox:

    The scenario of the sites is:

    http://www.site_1.com -> on server_1
    http://www.site_2.com -> on server_1
    http://www.site_3.com -> on server_1
    http://www.site_4.com -> on server_2
    http://www.site_5.com -> on server_2

    With IE and Chrome, except for site_3, all sites reach the correct destination and everything seems to work fine; with Firefox, instead, the following happens:

    http://www.site_1.com -> it goes to server_2, showing the default Apache web page "it works"
    http://www.site_4.com -> it goes to server_1, showing the default Apache web page "it works"
    The same happens with the other websites.

    I don't understand how this can happen. HAProxy is assigned a virtual IP created as CARP type (as recommended in another post here in the forum). I attach here the configuration generated by the pfSense GUI:

    
    global
    	maxconn			9999999
    	uid			80
    	gid			80
    	nbproc			4
    	chroot			/var/empty
    	daemon
    
    listen Server1
    	bind			192.168.2.5:80
    	cookie SERVERID insert indirect
            httpchk HEAD /index.html HTTP/1.0
    	mode			http
    	log			global
    	option			dontlognull
    	option			httpclose
    	option			forwardfor
    	maxconn			10000
    	clitimeout		30000
    	balance			roundrobin
    	contimeout		60000
    	srvtimeout		60000
    	retries			3
    	option			httpchk HEAD / HTTP/1.0
    	stats			enable
    	stats			uri /haproxy?stats 
    	stats			realm Haproxy\ Statistics
    	stats			auth
    	stats			refresh 5
    	server			Server_1 192.168.2.31:80  cookie server1   check inter 1000 weight 1
    	server			Server_2 192.168.2.40:80  cookie DEV_Server   check inter 1000 weight 1
    
    

    I also don't understand one thing: how does HAProxy know which server to route the request to if there isn't any map between the hostname and the IP? When the request comes from the Internet for "www.server_1.com", how does HAProxy know which server to route the request to? I thought that it checks the DNS Forward configuration in the pfSense box (all domains are configured there, domains existing in my DMZ). Is that correct or am I wrong?

    Where can I check for this strange issue with Firefox? I'm going crazy trying to find the cause, but I haven't found anything yet. I hope that someone can help me.

    Thanks in advance.



  • @gommox:

    I also don't understand one thing: how does HAProxy know which server to route the request to if there isn't any map between the hostname and the IP? When the request comes from the Internet for "www.server_1.com", how does HAProxy know which server to route the request to? I thought that it checks the DNS Forward configuration in the pfSense box (all domains are configured there, domains existing in my DMZ). Is that correct or am I wrong?

    That's the point: haproxy balances based on IP addresses, not based on host names.

    If you need hostname balancing, then you need to use varnish or apache2+mod_security.

    Take a look at the package description to choose between the two.

    I prefer varnish  ;)
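
A simplified model of how the `listen Server1` block posted above selects a server, written as an added example that is not part of the thread or of HAProxy itself. It assumes strict alternation for `balance roundrobin` with equal weights and per-host cookie storage in the browser, and it ignores `nbproc 4` and health checks; `ListenBlock`, `browse` and `HOSTED` are hypothetical names.

```python
from itertools import cycle

# Cookie value -> address, copied from the two "server" lines in the post.
SERVERS = {"server1": "192.168.2.31:80", "DEV_Server": "192.168.2.40:80"}
# Where each site really lives, per the post (sites 1-3 on Server_1, 4-5 on Server_2).
HOSTED = {"www.site_1.com": "192.168.2.31:80", "www.site_4.com": "192.168.2.40:80"}


class ListenBlock:
    """Simplified model: balance roundrobin + cookie SERVERID insert indirect."""

    def __init__(self, servers):
        self.servers = servers
        self._turn = cycle(servers)  # equal weights, so strict alternation

    def route(self, host, cookie=None):
        """Return (backend address, SERVERID value to set or None)."""
        # `host` is ignored on purpose: nothing in the posted block matches on it.
        if cookie in self.servers:
            return self.servers[cookie], None  # persistence cookie wins
        sid = next(self._turn)
        return self.servers[sid], sid


def browse(lb, hosts):
    """One browser profile: cookies are stored per host name, as browsers do."""
    jar, misrouted = {}, []
    for host in hosts:
        addr, new_cookie = lb.route(host, jar.get(host))
        if new_cookie:
            jar[host] = new_cookie
        if addr != HOSTED[host]:
            misrouted.append(host)
    return misrouted


if __name__ == "__main__":
    lb = ListenBlock(SERVERS)
    print("browser A misrouted:", browse(lb, ["www.site_1.com", "www.site_4.com"] * 2))
    print("browser B misrouted:", browse(lb, ["www.site_4.com", "www.site_1.com"] * 2))
```

In this model the first cookie-less request for a host lands on whichever server is next in the rotation, and the SERVERID cookie then keeps that browser on the same server for that host, whether or not the site is hosted there.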

