don't close health check directly #3690
Conversation
|
So you're just leaving a connection dangling because it started with a health check header? This does not seem right and would be a DoS vector |
|
It can only be a health check if proxy protocol is enabled and if so, you should firewall the port, |
|
Also the behaviour is now the same as before, only exceptions are not printed for healthchecks |
Right, so surely now the bug 6e17517 was designed to fix is back? |
Everyone can send the health check if I'm not wrong. |
|
What do you mean? the problem is that if you send custom data and try to receive a custom response via haproxy it does not work with my old pr, now it does |
|
The bug is not back but we got this as problem with my change #3689 |
BungeeCord only decodes bytes to a health check if the HaProxyDecoder is in the pipe, that is only the case if proxy protocol is enabled, and if so you should firewall the port so only the right HAProxy can access it |
That's right, but I think everyone can use the proxy to send such packets, but I'm not sure. |
? |
This change reverts 6e17517 which fixed #3608 How is #3608 not reintroduced in cases where HAProxy doesn't try to send custom data? Not printing an exception to the console after the connection is already closed will not affect HAProxy |
Why will it not affect it? We just dont want to log the exception that is caused by the connection close of an health check. |
|
I see, so #3608 is purely cosmetic |
Yes |
How it's the same if channel is not being closed with the latest change? |
Because haProxy closes the connection by itself by default. I only closed the channel so we dont receive rst from the haProxy that causes the exception. Now we receive the rst und the exception is thrown but we dont print it for healthchecks. In both cases there are no exceptions spammed anymore |
Fixes #3689
Just check if the connection is a health check if so don't log exceptions