TW - Vincent

Results: 108 comments by TW - Vincent

I encourage you to test the adjusted rule - there have been no false positives on User-Agents or Referers with this pattern for years. This pattern simply doesn’t lend itself...

Since the latest version of the regex, we’ve never had any issues with user-agents again. I encourage you to retest the new regex against the false positives you previously encountered...

Hello @capflam, thanks for the quick reply. I have edited the logging format. I will update this thread once it iterates again. Note that we did receive the correct Host...

Here is another log: HAProxy: Sep 24 09:19:43 localhost haproxy[2112253]: 40.77.179.34:18882 [24/Sep/2025:09:19:42.896] https~ https/X 0/0/0/12/180 421 453 - - -- 121/121/1/1/0 0/0 "POST /X HTTP/2.0" SNI=www.hostname1.com HOST=www.hostname1.com Apache2...

I understand - we are upgrading from version 2.6.12 to 2.6.22 and I will get back to you in the coming days. Thank you for your help.

We still have the issue on 2.6.22: HAProxy version 2.6.22-1~bpo11+1 2025/04/26 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2027. Known bugs: http://www.haproxy.org/bugs/bugs-2.6.22.html Running...

Hello, Since upgrading to 3.0.11, we’ve observed another strange SNI behavior (statistics coming on Sunday - currently

Yes, we also suspected that at first. We reluctantly tweaked http-reuse never on the HAProxy side, but on the 2.6 branch we still observed the same erratic 421 errors. It...

Thank you for the reply. I cannot share these configurations; it's a common stack with HAProxy and Apache2 on separate servers with TLS 1.2/1.3 support on both sides (TLS everywhere)...

OK here is a cleaned-up configuration, but as faithful as possible:

**global**

    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

**defaults**

    option...