Bug 1443675

Summary: [free][free-int]HAProxy router's request buffer is too small
Product: OpenShift Online Reporter: Miciah Dashiel Butler Masters <mmasters>
Component: RoutingAssignee: Miciah Dashiel Butler Masters <mmasters>
Status: CLOSED CURRENTRELEASE QA Contact: zhaozhanqi <zzhao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.xCC: aos-bugs, bperkins, jeder, jmencak, zhaliu, zzhao
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1443668 Environment:
Last Closed: 2017-05-01 20:39:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miciah Dashiel Butler Masters 2017-04-19 17:26:21 UTC 
Description of problem:

HAProxy's default request buffer configuration only allows 8192 bytes for headers in incoming requests.  This limit is too low.

haproxy-config.template does not specify tune.bufsize or tune.maxrewrite.  The default value for tune.bufsize is 16384 bytes.  The default value for tune.maxrewrite is half of tune.bufsize.  Incoming request headers are limited to the difference, tune.bufsize - tune.maxrewrite, thus 8192 bytes, by default.


Version-Release number of selected component (if applicable):

3.5.0.14


Steps to reproduce:

The problem can be demonstrated with the following command:

    curl "http://${some_route}/" -H "X-Foo: $(perl -e 'print "x"x8192')"


Actual results:

HAProxy responds with "400 Bad request".


Expected results:

HAProxy should return a 200 response.


Additional information:

PR: https://github.com/openshift/online/pull/1144
Comment 1 Miciah Dashiel Butler Masters 2017-04-19 17:37:34 UTC 
This is fixed in 3.5.0.15-2, which has been deployed to free-int.
Comment 2 zhaliu 2017-04-24 12:15:55 UTC 
Verified in the online free int environment, when try to access a route with long  header:
curl "http://${some_route}/" -H "X-Foo: $(perl -e 'print "x"x8192')" -I
curl "http://${some_route}/" -H "X-Foo: $(perl -e 'print "x"x20000')" -I

We can get the 200 OK response.