Re: 403 forbidden errors.

From: Willy Tarreau
Date: Fri, 1 Apr 2011 08:00:07 +0200

On Thu, Mar 31, 2011 at 04:32:41PM -0600, Don MacArthur wrote:
> As a practice, we avoid the use of cookies.

Then what does your application use to recognize a client? HAProxy's cookies are just session cookies, not stored cookies. It can even make use of the application's cookie.

> I am load balancing HTTP (80), HTTPS (443) and net.tcp (808).
> Is there a preferred common practice/keyword configuration for
> accomplishing this with HAProxy?

When dealing with multiple protocols, either you find a common info between them two-by-two for each transition (e.g. SSL-ID inside HTTPS, cookie for HTTPS->HTTP), or you can only rely on things such as the IP address, which is limited on the internet (it works fine inside enterprises though).

Look at the "stick on src" and "stick table" documentation to see how you can use the IP address. But once again, keep in mind that an IP address is very poor and unreliable information on the net. All users behind the same proxy will go to the same server; users who browse through multiple proxies or via smartphones will have a variable IP address which can cause problems with your application.

Willy
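
The source-IP approach described in the reply above could look like the following configuration. This is an added example, not part of the original message: the section names, the 192.0.2.x server addresses, the table size and expiry, and the timeouts are all assumptions. The stick table stores a server ID per client address, so each application server is given the same explicit `id` in every section that shares the table.

```haproxy
# Added example: section names, addresses and sizing are assumptions.
defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Holds only the shared table: client source IP -> server ID.
backend src_affinity
    stick-table type ip size 200k expire 30m

listen web_http
    bind :80
    mode http
    balance roundrobin
    # Look up and store the client's source IP in the shared table.
    stick on src table src_affinity
    server app1 192.0.2.11:80 id 1 check
    server app2 192.0.2.12:80 id 2 check

listen web_https
    bind :443
    mode tcp                      # TLS passes through undecrypted
    balance roundrobin
    stick on src table src_affinity
    server app1 192.0.2.11:443 id 1 check
    server app2 192.0.2.12:443 id 2 check

listen net_tcp
    bind :808
    mode tcp
    balance roundrobin
    stick on src table src_affinity
    # Same ids as above, so one table entry selects the same machine
    # for all three protocols.
    server app1 192.0.2.11:808 id 1 check
    server app2 192.0.2.12:808 id 2 check
```

Every client arriving from one shared proxy address lands in the same table entry and therefore on the same server, and a client whose address changes gets a new entry, which is the limitation the reply describes.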