haproxy: WebDAV simply won’t work with Microsoft Windows

So I have HAproxy listening for http/https on a virtual IP.

I have two Apache2 (apacheserver1 and apacheserver2) servers serving web traffic.

Everything is working fine – I am serving web pages, my clients are forced to use https, my SSL cert is signed correctly and my users can connect to their WebDAV areas using Finder (Mac) and Nautilus (Linux).

Great.

Now, here comes the serious trouble – Windows clients can’t connect via WebDAV.

Here is the command:

net use X: \\myserver.com@SSL\home\eamorr

And the error:

System error 67 has occurred. 

(I can connect perfectly fine to https://myserver.com/home/eamorr on Mac/Linux)

When I do:

net use X: \\apacheserver1.com@8080\home\eamorr

It works fine (I’m connecting directly to apacheserver1:8080 – no SSL).

When I do:

net use X: \\apacheserver1.com@SSL@8081\home\eamorr

It works fine (I’m connecting directly to apacheserver1:8081 – SSL enabled).

But when I go through the haproxy, it just will not work…

Here’s my haproxy config:

frontend www-http
bind 137.43.99.100:80   #A virtual IP
#reqadd X-Forwarded-Proto:\ http
default_backend http-backend


frontend www-https
bind 137.43.93.215:443 ssl crt /etc/apache2/ssl/combined.pem
#reqadd X-Forwarded-Proto:\ http
#reqirep Destination:\ https(.*) Destination:\ http\\1
#rspidel ^translate
default_backend http-backend


backend http-backend
cookie JSESSIONID insert
#reqirep Destination:\ https(.*) Destination:\ http\\1
server apacheserver1 137.43.99.101:8080 cookie apacheserver1 check
server apacheserver2 137.43.99.102:8080 cookie apacheserver2 check
#redirect scheme https if !{ ssl_fc }   #forces https!
#option forwardfor
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }

When I try to connect via

net use X: \\myserver.com@SSL\home\eamorr #A Windows command

here’s the server-side HAProxy log (/var/log/haproxy.log):

Mar  5 11:51:00 apacheserver1 haproxy[22786]: 137.43.130.107:51168 [05/Mar/2015:11:50:25.233] www-https~ http-backend/apacheserver1 35691/0/1/11/35703 301 511 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr HTTP/1.1"
Mar  5 11:51:01 apacheserver1 haproxy[22786]: 137.43.130.107:51168 [05/Mar/2015:11:51:00.936] www-https~ http-backend/apacheserver1 97/0/0/2/99 301 497 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home HTTP/1.1"

And here’s the output from Apache2 (with trace8 debugging info enabled):

Request received from client: OPTIONS /home HTTP/1.1
Headers received from client:
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: myserver.com
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook: /home
fixups hook gave 301: /home
Response sent with status 301, headers:
Date: Thu, 05 Mar 2015 12:09:50 GMT
Server: Apache/2.4.7 (Ubuntu)
Location: http://myserver.com/home/
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
core_output_filter: flushing because of FLUSH bucket
core_output_filter: flushing because of FLUSH bucket

When I connect from Linux (which works fine!), I get the following /var/log/haproxy.log:

Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.062] www-https~ http-backend/apacheserver1 114/0/0/14/128 200 303 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.190] www-https~ http-backend/apacheserver1 3/0/0/3/6 207 474 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.196] www-https~ http-backend/apacheserver1 1/0/0/2/3 200 172 - - --VN 1/1/0/1/0 0/0 "OPTIONS /home/ HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.200] www-https~ http-backend/apacheserver1 31/0/0/3/34 207 901 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.234] www-https~ http-backend/apacheserver1 52/0/0/10/62 207 2188 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"

and here is the Apache2 output:

Request received from client: OPTIONS /home/eamorr HTTP/1.1
Setting redirect-carefully
Headers received from client:
Host: myserver.com
Accept-Encoding: gzip, deflate
User-Agent: gvfs/1.20.1
Accept-Language: en-ie, en;q=0.9, en;q=0.8
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook: /home/eamorr
Content-Type 'application/octet-stream' ...
... did not match 'application/xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/rss+xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/x-javascript'
... did not match 'application/javascript'
... did not match 'application/ecmascript'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/css'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/html'
... did not match 'text/plain'
... did not match 'text/xml'
Content-Type condition for 'deflate' did not match
Response sent with status 200, headers:
Date: Thu, 05 Mar 2015 12:15:44 GMT
Server: Apache/2.4.7 (Ubuntu)
DAV: 1,2
DAV: <http://apache.org/dav/propset/fs/1>
MS-Author-Via: DAV
Allow: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
Content-Length: 0
core_output_filter: flushing because of FLUSH bucket

I’m really, really stuck here.

Apache/2.4.7 (Ubuntu 14.04.2)
haproxy 1.5.11

Answer

Attribution
Source : Link , Question Author : ostrich , Answer Author : Steven Kirkland