Closed Outfluencer closed 3 weeks ago
So you're just leaving a connection dangling because it started with a health check header?
This does not seem right and would be a DoS vector
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, so i see no ddos risk
Also the behaviour is now the same as before, only exceptions are not printed for healthchecks
Also the behaviour is now the same as before, only exceptions are not printed for healthchecks
Right, so surely now the bug https://github.com/SpigotMC/BungeeCord/commit/6e1751733f6b3dafe824dcd7f00d5ed86572ba37 was designed to fix is back?
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, so i see no ddos risk
Everyone can send the health check if I'm not wrong.
What do you mean? the problem is that if you send custom data and try to receive a custom response via haproxy it does not work with my old pr, now it does
The bug is not back but we got this as problem with my change #3689
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, so i see no ddos risk
Everyone can send the health check if I'm not wrong.
BungeeCord only decodes bytes to a health check if the HaProxyDecoder is in the pipe, that is only the case if proxy protocol is enabled, and if so you should firewall the port so only the right HAProxy can access it
-
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, so i see no ddos risk
Everyone can send the health check if I'm not wrong.
BungeeCord only decodes bytes to a health check if the HaProxyDecoder is in the pipe, that is only the case if proxy protocol is enabled, and if so you should firewall the port so only the right HAProxy can access it
That's right, but I think everyone can use the proxy to send such packets, but I'm not sure.
-
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, so i see no ddos risk
Everyone can send the health check if I'm not wrong.
BungeeCord only decodes bytes to a health check if the HaProxyDecoder is in the pipe, that is only the case if proxy protocol is enabled, and if so you should firewall the port so only the right HAProxy can access it
That's right, but I think everyone can use the proxy to send such packets, but I'm not sure.
?
What do you mean? the problem is that if you send custom data and try to receive a custom response via haproxy it does not work with my old pr, now it does
This change reverts https://github.com/SpigotMC/BungeeCord/commit/6e1751733f6b3dafe824dcd7f00d5ed86572ba37 which fixed https://github.com/SpigotMC/BungeeCord/issues/3608
How is #3608 not reintroduced in cases where HAProxy doesn't try to send custom data?
Not printing an exception to the console after the connection is already closed will not affect HAProxy
What do you mean? the problem is that if you send custom data and try to receive a custom response via haproxy it does not work with my old pr, now it does
This change reverts https://github.com/SpigotMC/BungeeCord/commit/6e1751733f6b3dafe824dcd7f00d5ed86572ba37 which fixed https://github.com/SpigotMC/BungeeCord/issues/3608
How is #3608 not reintroduced in cases where HAProxy doesn't try to send custom data?
Not printing an exception to the console after the connection is already closed will not affect HAProxy
Why will it not affect it? We just dont want to log the exception that is caused by the connection close of an health check. Isnt this the solution for it?
I see, so #3608 is purely cosmetic
I see, so #3608 is purely cosmetic
Yes
Also the behaviour is now the same as before, only exceptions are not printed for healthchecks
How it's the same if channel is not being closed with the latest change?
Also the behaviour is now the same as before, only exceptions are not printed for healthchecks
How it's the same if channel is not being closed with the latest change?
Because haProxy closes the connection by itself by default. I only closed the channel so we dont receive rst from the haProxy that causes the exception. Now we receive the rst und the exception is thrown but we dont print it for healthchecks. In both cases there are no exceptions spammed anymore
Fixes #3689 Just check if the connection is a health check if so don't log exceptions