mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 13:51:26 +02:00
Code Issues Projects Releases Wiki Activity

MAJOR: checks: Implement HTTP check using tcp-check rules

Browse Source 
HTTP health-checks are now internally based on tcp-checks. Of course all the
configuration parsing of the "http-check" keyword and the httpchk option has
been rewritten. But the main changes is that now, as for tcp-check ruleset, it
is possible to perform several send/expect sequences into the same
health-checks. Thus the connect rule is now also available from HTTP checks, jst
like set-var, unset-var and comment rules.

Because the request defined by the "option httpchk" line is used for the first
request only, it is now possible to set the method, the uri and the version on a
"http-check send" line.
This commit is contained in:
Christopher Faulet 2020-04-15 11:32:03 +02:00
parent 95226db8e4
commit e5870d872b
8 changed files with 1160 additions and 536 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
doc/configuration.txt
View File

@ -2653,9 +2653,12 @@ fullconn X - X X
grace X X X X
hash-type X - X X
http-after-response - X X X
http-check connect X - X X
http-check disable-on-404 X - X X
http-check expect - - X X
http-check expect X - X X
http-check send-state X - X X
http-check set-var X - X X
http-check unset-var X - X X
http-request - X X X
http-response - X X X
http-reuse X - X X
@ -4386,6 +4389,72 @@ http-after-response unset-var(<var-name>) [ { if | unless } <condition> ]
Example:
http-after-response unset-var(sess.last_redir)
http-check connect [params*]
Opens a new connection to perform an HTTP health check
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Just like tcp-check health checks, it is possible to configure the connection
to use to perform HTTP health check. This directive should also be used to
describe a scenario involving several request/response exchanges, possibly on
different ports or with different servers.
When there are no TCP port configured on the server line neither server port
directive, then the first step of the http-check sequence must be to specify
the port with a "http-check connect".
In an http-check ruleset a 'connect' is required, it is also mandatory to start
the ruleset with a 'connect' rule. Purpose is to ensure admin know what they
do.
When a connect must start the ruleset, if may still be preceded by set-var,
unset-var or comment rules.
Parameters :
They are optional and can be used to describe how HAProxy should open and
use the HTTP connection.
default Use default options of the server line to do the health
checks. The server options are used only if not redifined.
port <expr> if not set, check port or server port is used.
It tells HAProxy where to open the connection to.
<port> must be a valid TCP port source integer, from 1 to
65535 or an sample-fetch expression.
addr <ip> defines the IP address to do the health check.
send-proxy send a PROXY protocol string
via-socks4 enables outgoing health checks using upstream socks4 proxy.
ssl opens a ciphered connection
sni <sni> specifies the SNI to use to do health checks over SSL.
alpn <alpn> defines which protocols to advertise with ALPN. The protocol
list consists in a comma-delimited list of protocol names,
for instance: "h2,http/1.1". If it is not set, the server ALPN
is used.
linger cleanly close the connection instead of using a single RST.
Examples:
# check HTTP and HTTPs services on a server.
# first open port 80 thanks to server line port directive, then
# tcp-check opens port 443, ciphered and run a request on it:
option httpchk
http-check connect
http-check send GET / HTTP/1.1 hdr host haproxy.1wt.eu
http-check expect rstatus "^[23][0-9]{2}"
http-check connect port 443 ssl sni haproxy.1wt.eu
http-check send GET / HTTP/1.1 hdr host haproxy.1wt.eu
http-check expect rstatus "^[23][0-9]{2}"
server www 10.0.0.1 check port 80
See also : "option httpchk", "http-check send", "http-check expect"
http-check disable-on-404
Enable a maintenance mode upon HTTP/404 response to health-checks
@ -4408,11 +4477,58 @@ http-check disable-on-404
See also : "option httpchk", "http-check expect"
http-check expect [!] <match> <pattern>
http-check expect [min-recv <int>]
[ok-status <st>] [error-status <st>] [tout-status <st>]
[on-success <fmt>] [on-error <fmt>] [status-code <expr>]
[!] <match> <pattern>
Make HTTP health checks consider response contents or specific status codes
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Arguments :
min-recv is optional and can define the minimum amount of data required to
evaluate the current expect rule. If the number of received bytes
is under this limit, the check will wait for more data. This
option can be used to resolve some ambiguous matching rules or to
avoid executing costly regex matches on content known to be still
incomplete. If an exact string is used, the minimum between the
string length and this parameter is used. This parameter is
ignored if it is set to -1. If the expect rule does not match,
the check will wait for more data. If set to 0, the evaluation
result is always conclusive.
ok-status <st> is optional and can be used to set the check status if
the expect rule is successfully evaluated and if it is
the last rule in the tcp-check ruleset. "L7OK", "L7OKC",
"L6OK" and "L4OK" are supported and may be used to set,
respectively, HCHK_STATUS_L7OK, HCHK_STATUS_L7OKCD,
HCHK_STATUS_L6OK or HCHK_STATUS_L4OK success status.
By default "L7OK" is used.
error-status <st> is optional and can be used to set the check status if
an error occurred during the expect rule evaluation.
"L7RSP", "L7STS", "L6RSP" and "L4CON" are supported and
may be used to set, respectively, HCHK_STATUS_L7RSP,
HCHK_STATUS_L7STS, HCHK_STATUS_L6RSP or HCHK_STATUS_L4CON
error status. By default "L7RSP" is used.
tout-status <st> is optional and can be used to set the check status if
a timeout occurred during the expect rule evaluation.
"L7TOUT", "L6TOUT", and "L4TOUT" are supported and may
be used to set, respectively, HCHK_STATUS_L7TOUT,
HCHK_STATUS_L6TOUT or HCHK_STATUS_L4TOUT timeout status.
By default "L7TOUT" is used.
on-success <fmt> is optional and can be used to customize the
informational message reported in logs if the expect
rule is successfully evaluated and if it is the last rule
in the tcp-check ruleset. <fmt> is a log-format string.
on-error <fmt> is optional and can be used to customize the
informational message reported in logs if an error
occurred during the expect rule evaluation. <fmt> is a
log-format string.
<match> is a keyword indicating how to look for a specific pattern in the
response. The keyword may be one of "status", "rstatus",
"string", or "rstring". The keyword may be preceded by an
@ -4471,9 +4587,11 @@ http-check expect [!] <match> <pattern>
waste some CPU cycles, especially when regular expressions are used, and that
it is always better to focus the checks on smaller resources.
Also "http-check expect" doesn't support HTTP keep-alive. Keep in mind that it
will automatically append a "Connection: close" header, meaning that this
header should not be present in the request provided by "option httpchk".
In an http-check ruleset, the last expect rule may be implicit. If no expect
rule is specified after the last "http-check send", an implicit expect rule
is defined to match on 2xx or 3xx status codes. It means this rule is also
defined if there is no "http-check" rule at all, when only "option httpchk"
is set.
Last, if "http-check expect" is combined with "http-check disable-on-404",
then this last one has precedence when the server responds with 404.
@ -4491,23 +4609,41 @@ http-check expect [!] <match> <pattern>
# check that we have a correct hexadecimal tag before /html
http-check expect rstring <!--tag:[0-9a-f]*--></html>
See also : "option httpchk", "http-check disable-on-404"
See also : "option httpchk", "http-check connect", "http-check disable-on-404"
and "http-check send"
http-check send [hdr <name> <value>]* [body <string>]
http-check send [meth <method>] [uri <uri>] [vsn <version>]
[hdr <name> <fmt>]* [body <string>]
Add a possible list of headers and/or a body to the request sent during HTTP
health checks.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Arguments :
hdr <name> <value> adds the HTTP header field whose name is specified in
<name> and whose value is defined by <value> to the
request sent during HTTP health checks.
meth <method> is the optional HTTP method used with the requests. When not
set, the "OPTIONS" method is used, as it generally requires
low server processing and is easy to filter out from the
logs. Any method may be used, though it is not recommended
to invent non-standard ones.
body <string> add the body defined by <string> to the request sent
sent during HTTP health checks. If defined, the
"Content-Length" header is thus automatically added
to the request.
uri <uri> is optional and set the URI referenced in the HTTP requests.
it defaults to " / " which is accessible by default on almost
any server, but may be changed to any other URI. Query
strings are permitted.
vsn <version> is the optional HTTP version string. It defaults to
"HTTP/1.0" but some servers might behave incorrectly in HTTP
1.0, so turningit to HTTP/1.1 may sometimes help. Note that
the Host field is mandatory in HTTP/1.1, use "hdr" argument
to add it.
hdr <name> <fmt> adds the HTTP header field whose name is specified in
<name> and whose value is defined by <fmt>, which follows
to the log-format rules.
body <string> add the body defined by <string> to the request sent during
HTTP health checks. If defined, the "Content-Length" header
is thus automatically added to the request.
In addition to the request line defined by the "option httpchk" directive,
this one is the valid way to add some headers and optionally a body to the
@ -4518,6 +4654,10 @@ http-check send [hdr <name> <value>]* [body <string>]
"http-check expect" direcive is defined independently of this directive, just
like the state header if the directive "http-check send-state" is defined.
Also "http-check send" doesn't support HTTP keep-alive. Keep in mind that it
will automatically append a "Connection: close" header, meaning that this
header should not be present in the request provided by "http-check send".
See also : "option httpchk", "http-check send-state" and "http-check expect"
@ -4572,6 +4712,50 @@ http-check send-state
See also : "option httpchk", "http-check disable-on-404"
http-check set-var(<var-name>) <expr>
This operation sets the content of a variable. The variable is declared inline.
May be used in sections: defaults | frontend | listen | backend
yes | no | yes | yes
Arguments:
<var-name> The name of the variable starts with an indication about its
scope. The scopes allowed for http-check are:
"proc" : the variable is shared with the whole process.
"sess" : the variable is shared with the tcp-check session.
"check": the variable is declared for the lifetime of the tcp-check.
This prefix is followed by a name. The separator is a '.'.
The name may only contain characters 'a-z', 'A-Z', '0-9', '.',
and '-'.
<expr> Is a sample-fetch expression potentially followed by converters.
Example:
http-check set-var(check.port) int(1234)
http-check unset-var(<var-name>)
Free a reference to a variable within its scope.
May be used in sections: defaults | frontend | listen | backend
yes | no | yes | yes
Arguments:
<var-name> The name of the variable starts with an indication about its
scope. The scopes allowed for http-check are:
"proc" : the variable is shared with the whole process.
"sess" : the variable is shared with the tcp-check session.
"check": the variable is declared for the lifetime of the tcp-check.
This prefix is followed by a name. The separator is a '.'.
The name may only contain characters 'a-z', 'A-Z', '0-9', '.',
and '-'.
Example:
http-check unset-var(check.port)
http-request <action> [options...] [ { if | unless } <condition> ]
Access control for Layer 7 requests
@ -7181,11 +7365,18 @@ option httpchk <method> <uri> <version>
considered valid, while all other ones indicate a server failure, including
the lack of any response.
The port and interval are specified in the server configuration.
Combined with "http-check" directives, it is possible to customize the
request sent during the HTTP health checks or the matching rules on the
response. It is also possible to configure a send/expect sequence, just like
with the directive "tcp-check" for TCP health checks.
This option does not necessarily require an HTTP backend, it also works with
plain TCP backends. This is particularly useful to check simple scripts bound
to some dedicated ports using the inetd daemon.
The server configuration is used by default to open connections to perform
HTTP health checks. By it is also possible to overwrite server parameters
using "http-check connect" rules.
"httpchk" option does not necessarily require an HTTP backend, it also works
with plain TCP backends. This is particularly useful to check simple scripts
bound to some dedicated ports using the inetd daemon.
Note : For a while, there was no way to add headers or body in the request
used for HTTP health checks. So a workaround was to hide it at the end

36
include/types/checks.h
View File

@ -234,13 +234,38 @@ enum tcpcheck_send_type {
TCPCHK_SEND_BINARY, /* Send a binary sequence. */
TCPCHK_SEND_STRING_LF, /* Send an ASCII log-format string. */
TCPCHK_SEND_BINARY_LF, /* Send a binary log-format sequence. */
TCPCHK_SEND_HTTP, /* Send an HTTP request */
};
struct tcpcheck_http_hdr {
struct ist name; /* the header name */
struct list value; /* the log-format string value */
struct list list; /* header chained list */
};
#define TCPCHK_SND_HTTP_FL_URI_FMT 0x0001 /* Use a log-format string for the uri */
#define TCPCHK_SND_HTTP_FL_BODY_FMT 0x0002 /* Use a log-format string for the body */
#define TCPCHK_SND_HTTP_FROM_OPT 0x0004 /* Send rule coming from "option httpck" directive */
struct tcpcheck_send {
enum tcpcheck_send_type type;
union {
struct ist data; /* an ASCII string or a binary sequence */
struct list fmt; /* an ASCII or hexa log-format string */
struct {
unsigned int flags; /* TCPCHK_SND_HTTP_FL_* */
struct http_meth meth; /* the HTTP request method */
union {
struct ist uri; /* the HTTP request uri is a string */
struct list uri_fmt; /* or a log-format string */
};
struct ist vsn; /* the HTTP request version string */
struct list hdrs; /* the HTTP request header list */
union {
struct ist body; /* the HTTP request payload is a string */
struct list body_fmt; /* or a log-format string */
};
} http; /* Info about the HTTP request to send */
};
};
@ -257,6 +282,10 @@ enum tcpcheck_expect_type {
TCPCHK_EXPECT_REGEX_BINARY, /* Matches a regular pattern on a hex-encoded text. */
TCPCHK_EXPECT_BINARY, /* Matches a binary sequence. */
TCPCHK_EXPECT_CUSTOM, /* Execute a custom function. */
TCPCHK_EXPECT_HTTP_STATUS, /* Matches a string */
TCPCHK_EXPECT_HTTP_REGEX_STATUS, /* Matches a regular pattern */
TCPCHK_EXPECT_HTTP_BODY, /* Matches a string */
TCPCHK_EXPECT_HTTP_REGEX_BODY, /* Matches a regular pattern */
};
/* tcp-check expect flags */
@ -275,11 +304,11 @@ struct tcpcheck_expect {
};
struct tcpcheck_rule *head; /* first expect of a chain. */
int min_recv; /* Minimum amount of data before an expect can be applied. (default: -1, ignored) */
struct list onerror_fmt; /* log-format string to use as comment on error */
struct list onsuccess_fmt; /* log-format string to use as comment on success (if last rule) */
enum healthcheck_status ok_status; /* The healthcheck status to use on success (default: L7OKD) */
enum healthcheck_status err_status; /* The healthcheck status to use on error (default: L7RSP) */
enum healthcheck_status tout_status; /* The healthcheck status to use on timeout (default: L7TOUT) */
struct list onerror_fmt; /* log-format string to use as comment on error */
struct list onsuccess_fmt; /* log-format string to use as comment on success (if last rule) */
struct sample_expr *status_expr; /* sample expr to determine the check status code */
};
@ -311,10 +340,13 @@ struct tcpcheck_rule {
#define TCPCHK_RULES_NONE 0x00000000
#define TCPCHK_RULES_UNUSED_TCP_RS 0x00000001 /* An unused tcp-check ruleset exists */
#define TCPCHK_RULES_UNUSED_HTTP_RS 0x00000002 /* An unused http-check ruleset exists */
#define TCPCHK_RULES_UNUSED_RS 0x00000003 /* Mask for unused ruleset */
#define TCPCHK_RULES_PGSQL_CHK 0x00000010
#define TCPCHK_RULES_REDIS_CHK 0x00000020
#define TCPCHK_RULES_SMTP_CHK 0x00000030
#define TCPCHK_RULES_HTTP_CHK 0x00000040
#define TCPCHK_RULES_MYSQL_CHK 0x00000050
#define TCPCHK_RULES_LDAP_CHK 0x00000060
#define TCPCHK_RULES_SSL3_CHK 0x00000070

22
include/types/proxy.h
View File

@ -156,22 +156,10 @@ enum PR_SRV_STATE_FILE {
#define PR_O2_SRC_ADDR 0x00100000 /* get the source ip and port for logs */
#define PR_O2_FAKE_KA 0x00200000 /* pretend we do keep-alive with server eventhough we close */
/* unused : 0x00400000 */
#define PR_O2_EXP_NONE 0x00000000 /* http-check : no expect rule */
#define PR_O2_EXP_STS 0x00800000 /* http-check expect status */
#define PR_O2_EXP_RSTS 0x01000000 /* http-check expect rstatus */
#define PR_O2_EXP_STR 0x01800000 /* http-check expect string */
#define PR_O2_EXP_RSTR 0x02000000 /* http-check expect rstring */
#define PR_O2_EXP_TYPE 0x03800000 /* mask for http-check expect type */
#define PR_O2_EXP_INV 0x04000000 /* http-check expect !<rule> */
/* unused: 0x08000000 */
/* unused : 0x00400000..0x80000000 */
/* server health checks */
#define PR_O2_CHK_NONE 0x00000000 /* no L7 health checks configured (TCP by default) */
/* unused: 0x10000000..0x30000000 */
#define PR_O2_HTTP_CHK 0x40000000 /* use HTTP 'OPTIONS' method to check server health */
/* unused 0x50000000..0x80000000 */
#define PR_O2_TCPCHK_CHK 0x90000000 /* use TCPCHK check for server health */
#define PR_O2_EXT_CHK 0xA0000000 /* use external command for server health */
/* unused: 0xB0000000 to 0xF000000, reserved for health checks */
@ -418,16 +406,8 @@ struct proxy {
struct task *task; /* the associated task, mandatory to manage rate limiting, stopping and resource shortage, NULL if disabled */
struct tcpcheck_rules tcpcheck_rules; /* tcp-check send / expect rules */
int grace; /* grace time after stop request */
int check_len; /* Length of the HTTP or SSL3 request */
char *check_req; /* HTTP or SSL request to use for PR_O_HTTP_CHK|PR_O_SSL3_CHK */
int check_body_len; /* Length of the request body for HTTP checks */
char *check_hdrs; /* Request headers for HTTP cheks */
int check_hdrs_len; /* Length of the headers for HTTP checks */
char *check_body; /* Request body for HTTP cheks */
char *check_command; /* Command to use for external agent checks */
char *check_path; /* PATH environment to use for external agent checks */
char *expect_str; /* http-check expected content : string or text version of the regex */
struct my_regex *expect_regex; /* http-check expected content */
struct buffer *errmsg[HTTP_ERR_SIZE]; /* default or customized error messages for known errors */
int uuid; /* universally unique proxy ID, used for SNMP */
unsigned int backlog; /* force the frontend's listen backlog */

40
src/cfgparse-listen.c
View File

@ -166,7 +166,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
{
static struct proxy *curproxy = NULL;
const char *err;
char *error;
int rc;
unsigned val;
int err_code = 0;
@ -285,25 +284,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
curproxy->redispatch_after = defproxy.redispatch_after;
curproxy->max_ka_queue = defproxy.max_ka_queue;
if (defproxy.check_req) {
curproxy->check_req = calloc(1, defproxy.check_len);
memcpy(curproxy->check_req, defproxy.check_req, defproxy.check_len);
}
curproxy->check_len = defproxy.check_len;
if (defproxy.check_hdrs) {
curproxy->check_hdrs = calloc(1, defproxy.check_hdrs_len);
memcpy(curproxy->check_hdrs, defproxy.check_hdrs, defproxy.check_hdrs_len);
}
curproxy->check_hdrs_len = defproxy.check_hdrs_len;
if (defproxy.check_body) {
curproxy->check_body = calloc(1, defproxy.check_body_len);
memcpy(curproxy->check_body, defproxy.check_body, defproxy.check_body_len);
}
curproxy->check_body_len = defproxy.check_body_len;
curproxy->tcpcheck_rules.flags = (defproxy.tcpcheck_rules.flags & ~TCPCHK_RULES_UNUSED_TCP_RS);
curproxy->tcpcheck_rules.flags = (defproxy.tcpcheck_rules.flags & ~TCPCHK_RULES_UNUSED_RS);
curproxy->tcpcheck_rules.list = defproxy.tcpcheck_rules.list;
if (!LIST_ISEMPTY(&defproxy.tcpcheck_rules.preset_vars)) {
if (!dup_tcpcheck_vars(&curproxy->tcpcheck_rules.preset_vars,
@ -315,21 +296,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
}
}
if (defproxy.expect_str) {
curproxy->expect_str = strdup(defproxy.expect_str);
if (defproxy.expect_regex) {
/* note: this regex is known to be valid */
error = NULL;
if (!(curproxy->expect_regex = regex_comp(defproxy.expect_str, 1, 1, &error))) {
ha_alert("parsing [%s:%d] : regular expression '%s' : %s\n", file, linenum,
defproxy.expect_str, error);
free(error);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
}
curproxy->ck_opts = defproxy.ck_opts;
if (defproxy.cookie_name)
curproxy->cookie_name = strdup(defproxy.cookie_name);
@ -502,7 +468,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
goto out;
}
free(defproxy.check_req);
free(defproxy.check_command);
free(defproxy.check_path);
free(defproxy.cookie_name);
@ -521,9 +486,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
defproxy.orgto_hdr_len = 0;
free(defproxy.server_id_hdr_name);
defproxy.server_id_hdr_len = 0;
free(defproxy.expect_str);
regex_free(defproxy.expect_regex);
defproxy.expect_regex = NULL;
if (defproxy.conf.logformat_string != default_http_log_format &&
defproxy.conf.logformat_string != default_tcp_log_format &&

12
src/cfgparse.c
View File

@ -2504,7 +2504,14 @@ int check_config_validity()
else if (curproxy->options & PR_O_TRANSP)
curproxy->options &= ~(PR_O_DISPATCH | PR_O_HTTP_PROXY);
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_HTTP_CHK) {
if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_HTTP_RS)) {
ha_warning("config : %s '%s' uses http-check rules without 'option httpchk', so the rules are ignored.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_TCPCHK_CHK &&
(curproxy->tcpcheck_rules.flags & TCPCHK_RULES_PROTO_CHK) == TCPCHK_RULES_HTTP_CHK) {
if (curproxy->options & PR_O_DISABLE404) {
ha_warning("config : '%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"disable-on-404", proxy_type_str(curproxy), curproxy->id);
@ -3097,8 +3104,7 @@ out_uri_auth_compat:
}
}
if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_TCP_RS) &&
(curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_TCPCHK_CHK) {
if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_TCP_RS)) {
ha_warning("config : %s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;

1319
src/checks.c
View File

File diff suppressed because it is too large Load Diff

3
src/haproxy.c
View File

@ -2526,9 +2526,6 @@ void deinit(void)
while (p) {
free(p->conf.file);
free(p->id);
free(p->check_req);
free(p->check_hdrs);
free(p->check_body);
free(p->cookie_name);
free(p->cookie_domain);
free(p->cookie_attrs);

3
src/session.c
View File

@ -216,7 +216,8 @@ int session_accept_fd(struct listener *l, int cfd, struct sockaddr_storage *addr
if (l->proto->drain)
l->proto->drain(cfd);
if (p->mode == PR_MODE_HTTP ||
(p->mode == PR_MODE_HEALTH && (p->options2 & PR_O2_CHK_ANY) == PR_O2_HTTP_CHK))
(p->mode == PR_MODE_HEALTH && (p->options2 & PR_O2_CHK_ANY) == PR_O2_TCPCHK_CHK &&
(p->tcpcheck_rules.flags & TCPCHK_RULES_PROTO_CHK) == TCPCHK_RULES_HTTP_CHK))
send(cfd, "HTTP/1.0 200 OK\r\n\r\n", 19, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_MORE);
else if (p->mode == PR_MODE_HEALTH)
send(cfd, "OK\n", 3, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_MORE);