I am getting 400 bad request error under apache ssl logs on real hosts when using haproxy option ssl-hello-chk. My setup uses haproxy as a load balancer to handle ssl requests and pass it on to the reals. AFAIK "ssl-hello-chk" in haproxy sends ssl hello mesg to the hosts to make sure hosts are available. this is better than the normal tcp only check. Any idea why its logging 400 error when hello messages should not be logged at all. Also not sure if it is working correctly?
Thanks,
Tevez G
Best Answer
You can increase the apache loglevel to get more information about the HAPROXY hello request.
To see what happens you could use curl and switch on verbose messages:
Curl should inform you about the different processess including client-hello and server-hello.
Then also check apache logs
This is how such a curl request looks like: