From: Amaury Denoyelle Date: Fri, 29 Jan 2021 14:18:49 +0000 (+0100) Subject: MINOR: doc: update http reuse for new eligilible connections X-Git-Tag: v2.4-dev8~61 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d773a4ee23cc04ba41cab3fe63e237628f7f9ff6;p=thirdparty%2Fhaproxy.git MINOR: doc: update http reuse for new eligilible connections Update the doc to remove entries on http-reuse marking private connection for specific source address or sni. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 12b87ad41c..391e074a7a 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -6966,16 +6966,13 @@ http-reuse { never | safe | aggressive | always } used when it improves the situation over "aggressive". When http connection sharing is enabled, a great care is taken to respect the - connection properties and compatibility. Specifically : - - connections made with "usesrc" followed by a client-dependent value - ("client", "clientip", "hdr_ip") are marked private and never shared; + connection properties and compatibility. Indeed, some properties are specific + and it is not possibly to reuse it blindly. Those are the SSL SNI, source + and destination address and proxy protocol block. A connection is reused only + if it shares the same set of properties with the request. - - connections sent to a server with a variable value as TLS SNI extension - are marked private and are never shared. This is not the case if the SNI - is guaranteed to be a constant, as for example using a literal string; - - - connections with certain bogus authentication schemes (relying on the - connection) like NTLM are detected, marked private and are never shared; + Also note that connections with certain bogus authentication schemes (relying + on the connection) like NTLM are marked private and never shared. A connection pool is involved and configurable with "pool-max-conn".