diff --git a/doc/configuration.txt b/doc/configuration.txt index 8c6e6158d..632268f94 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -9089,11 +9089,14 @@ no option abortonclose pending in the queue or when trying to connect). If the request is already being served by a server, then the connection to the server is in turn switched to half-close to indicate the same condition to the - server, which will then decide how to proceed. + server, which will then decide how to proceed. This is the default for + HTTP-mode backends. The recommendation is to enable this option on internet-facing TLS endpoints and HTTP services, and to disable it for pure TCP ones as well as unexposed - legacy environments. + legacy environments. It is enabled by default in HTTP backends, and may be + forcefully disabled by prepending the "no" keyword before it, either in the + backend section itself, or in the "defaults" section it inherits from. If this option has been enabled in a "defaults" section, it can be disabled in a specific instance by prepending the "no" keyword before it. diff --git a/include/haproxy/proxy.h b/include/haproxy/proxy.h index 46f5df84b..7be5a55d5 100644 --- a/include/haproxy/proxy.h +++ b/include/haproxy/proxy.h @@ -141,10 +141,18 @@ static inline void proxy_reset_timeouts(struct proxy *proxy) proxy->timeout.tunnel = TICK_ETERNITY; } -/* return proxy's abortonclose status: 0=off, non-zero=on */ +/* return proxy's abortonclose status: 0=off, non-zero=on. + * Considers the proxy's mode when neither on/off was set, + * and HTTP mode defaults to on. + */ static inline int proxy_abrt_close(const struct proxy *px) { - return !!(px->options & PR_O_ABRT_CLOSE); + if (px->options & PR_O_ABRT_CLOSE) + return 1; + else if (px->no_options & PR_O_ABRT_CLOSE) + return 0; + /* When unset: 1 for HTTP, 0 for TCP */ + return px->mode == PR_MODE_HTTP; } /* increase the number of cumulated connections received on the designated frontend */ diff --git a/reg-tests/http-messaging/http_abortonclose.vtc b/reg-tests/http-messaging/http_abortonclose.vtc index f9ad90621..33b194dff 100644 --- a/reg-tests/http-messaging/http_abortonclose.vtc +++ b/reg-tests/http-messaging/http_abortonclose.vtc @@ -126,6 +126,7 @@ haproxy h2 -conf { defaults mode http + no option abortonclose retries 1 timeout client 10s timeout server 10s