Update docs for 2.8

Author: HAProxy Community

docs/2.8/configuration.html

@@ -2,7 +2,7 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8" />
-		<title>HAProxy version 2.8.11 - Configuration Manual</title>
+		<title>HAProxy version 2.8.11-8 - Configuration Manual</title>
 		<link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" />
 		<link href="https://raw.githubusercontent.com/thomaspark/bootswatch/v3.3.7/cerulean/bootstrap.min.css" rel="stylesheet" />
 		<link href="../css/page.css?0.4.2-15" rel="stylesheet" />
@@ -4294,7 +4294,7 @@
 					You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
 				</p>
 				<p class="text-right">
-					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/09/19</b></small>
+					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/10/01</b></small>
 				</p>
 			</div>
 			<!-- /.sidebar -->
@@ -4305,7 +4305,7 @@
 						<div class="text-center">
                             <h1><a href="http://www.haproxy.org/" title="HAProxy"><img src="../img/HAProxyCommunityEdition_60px.png?0.4.2-15" /></a></h1>
 							<h2>Configuration Manual</h2>
-							<p><strong>version 2.8.11</strong></p>
+							<p><strong>version 2.8.11-8</strong></p>
 							<p>
 								2024/09/19<br>
 
@@ -13713,35 +13713,53 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
 <div class="separator">
 <span class="label label-info">Arguments :</span> none
 </div>
-<pre class="text">By default, HAProxy complies with RFC7230 in terms of message parsing. This
-means that invalid characters in header names are not permitted and cause an
-error to be returned to the client. This is the desired behavior as such
-forbidden characters are essentially used to build attacks exploiting server
-weaknesses, and bypass security filtering. Sometimes, a buggy browser or
-server will emit invalid header names for whatever reason (configuration,
-implementation) and the issue will not be immediately fixed. In such a case,
-it is possible to relax HAProxy's header name parser to accept any character
-even if that does not make sense, by specifying this option. Similarly, the
-list of characters allowed to appear in a URI is well defined by RFC3986, and
-chars 0-31, 32 (space), 34 ('&quot;'), 60 ('&lt;'), 62 ('&gt;'), 92 ('\'), 94 ('^'), 96
-('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete) and anything above are
-not allowed at all. HAProxy always blocks a number of them (0..32, 127). The
-remaining ones are blocked by default unless this option is enabled. This
-option also relaxes the test on the HTTP version, it allows HTTP/0.9 requests
-to pass through (no version specified), as well as different protocol names
-(e.g. RTSP), and multiple digits for both the major and the minor version.
-Finally, this option also allows incoming URLs to contain fragment references
-('#' after the path).
+<pre class="text">By default, HAProxy complies with the different HTTP RFCs in terms of message
+parsing. This means the message parsing is quite strict and causes an error
+to be returned to the client for malformed messages. This is the desired
+behavior as such malformed messages are essentially used to build attacks
+exploiting server weaknesses, and bypass security filtering. Sometimes, a
+buggy browser will not respect these RCFs for whatever reason (configuration,
+implementation...) and the issue will not be immediately fixed. In such case,
+it is possible to relax HAProxy's parser to accept some invalid requests by
+specifying this option. Most of rules concern the H1 parsing for historical
+reason. Newer HTTP versions tends to be cleaner and applications follow more
+stickly these protocols.
+
+When this option is set, the following rules are observed:
+
+  * In H1 only, invalid characters, including NULL character, in header name
+    will be accepted;
+
+  * In H1 only, NULL character in header value will be accepted;
+
+  * The list of characters allowed to appear in a URI is well defined by
+    RFC3986, and chars 0-31, 32 (space), 34 ('&quot;'), 60 ('&lt;'), 62 ('&gt;'), 92
+    ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete)
+    and anything above are normally not allowed. But here, in H1 only,
+    HAProxy will only block a number of them (0..32, 127);
+
+  * In H1 and H2, URLs containing fragment references ('#' after the path)
+    will be accepted;
+
+  * In H1 only, no check will be performed on the authority for CONNECT
+    requests;
+
+  * In H1 only, no check will be performed against the authority and the Host
+    header value.
+
+  * In H1 only, tests on the HTTP version will be relaxed. It will allow
+    HTTP/0.9 GET requests to pass through (no version specified), as well as
+    different protocol names (e.g. RTSP), and multiple digits for both the
+    major and the minor version.
 
 This option should never be enabled by default as it hides application bugs
 and open security breaches. It should only be deployed after a problem has
 been confirmed.
 
-When this option is enabled, erroneous header names will still be accepted in
-requests, but the complete request will be captured in order to permit later
-analysis using the &quot;show errors&quot; request on the UNIX stats socket. Similarly,
-requests containing invalid chars in the URI part will be logged. Doing this
-also helps confirming that the issue has been solved.
+When this option is enabled, invalid but accepted H1 requests will be
+captured in order to permit later analysis using the &quot;show errors&quot; request on
+the UNIX stats socket.Doing this also helps confirming that the issue has
+been solved.
 
 If this option has been enabled in a &quot;defaults&quot; section, it can be disabled
 in a specific instance by prepending the &quot;no&quot; keyword before it.
@@ -13754,17 +13772,28 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
 <div class="separator">
 <span class="label label-info">Arguments :</span> none
 </div>
-<pre class="text">By default, HAProxy complies with RFC7230 in terms of message parsing. This
-means that invalid characters in header names are not permitted and cause an
-error to be returned to the client. This is the desired behavior as such
-forbidden characters are essentially used to build attacks exploiting server
-weaknesses, and bypass security filtering. Sometimes, a buggy browser or
-server will emit invalid header names for whatever reason (configuration,
-implementation) and the issue will not be immediately fixed. In such a case,
-it is possible to relax HAProxy's header name parser to accept any character
-even if that does not make sense, by specifying this option. This option also
-relaxes the test on the HTTP version format, it allows multiple digits for
-both the major and the minor version.
+<pre class="text">Similarly to &quot;<a href="#option%20accept-invalid-http-request">option accept-invalid-http-request</a>&quot;, this option may be used to
+relax parsing rules of HTTP responses. It should only be enabled for trusted
+legacy servers to accept some invalid responses. Most of rules concern the H1
+parsing for historical reason. Newer HTTP versions tends to be cleaner and
+applications follow more stickly these protocols.
+
+When this option is set, the following rules are observed:
+
+  * In H1 only, invalid characters, including NULL character, in header name
+    will be accepted;
+
+  * In H1 only, NULL character in header value will be accepted;
+
+  * In H1 only, empty values or several &quot;chunked&quot; value occurrences for
+    Transfer-Encoding header will be accepted;
+
+  * In H1 only, no check will be performed against the authority and the Host
+    header value.
+
+  * In H1 only, tests on the HTTP version will be relaxed. It will allow
+    different protocol names (e.g. RTSP), and multiple digits for both the
+    major and the minor version.
 
 This option should never be enabled by default as it hides application bugs
 and open security breaches. It should only be deployed after a problem has
@@ -27795,7 +27824,7 @@ <h2 id="chapter-11.3" data-target="11.3"><small><a class="small" href="#11.3">11
 						<br>
 						<hr>
 						<div class="text-right">
-							HAProxy 2.8.11 &ndash; Configuration Manual<br>
+							HAProxy 2.8.11-8 &ndash; Configuration Manual<br>
 							<small>, 2024/09/19</small>
 						</div>
 					</div>

docs/2.8/intro.html

@@ -2,7 +2,7 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8" />
-		<title>HAProxy version 2.8.11 - Starter Guide</title>
+		<title>HAProxy version 2.8.11-8 - Starter Guide</title>
 		<link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" />
 		<link href="https://raw.githubusercontent.com/thomaspark/bootswatch/v3.3.7/cerulean/bootstrap.min.css" rel="stylesheet" />
 		<link href="../css/page.css?0.4.2-15" rel="stylesheet" />
@@ -484,7 +484,7 @@
 					You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
 				</p>
 				<p class="text-right">
-					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/09/19</b></small>
+					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/10/01</b></small>
 				</p>
 			</div>
 			<!-- /.sidebar -->
@@ -495,7 +495,7 @@
 						<div class="text-center">
                             <h1><a href="http://www.haproxy.org/" title="HAProxy"><img src="../img/HAProxyCommunityEdition_60px.png?0.4.2-15" /></a></h1>
 							<h2>Starter Guide</h2>
-							<p><strong>version 2.8.11</strong></p>
+							<p><strong>version 2.8.11-8</strong></p>
 							<p>
 								<br>
 
@@ -2515,7 +2515,7 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
 						<br>
 						<hr>
 						<div class="text-right">
-							HAProxy 2.8.11 &ndash; Starter Guide<br>
+							HAProxy 2.8.11-8 &ndash; Starter Guide<br>
 							<small>, </small>
 						</div>
 					</div>

docs/2.8/management.html

@@ -2,7 +2,7 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8" />
-		<title>HAProxy version 2.8.11 - Management Guide</title>
+		<title>HAProxy version 2.8.11-8 - Management Guide</title>
 		<link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" />
 		<link href="https://raw.githubusercontent.com/thomaspark/bootswatch/v3.3.7/cerulean/bootstrap.min.css" rel="stylesheet" />
 		<link href="../css/page.css?0.4.2-15" rel="stylesheet" />
@@ -610,7 +610,7 @@
 					You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
 				</p>
 				<p class="text-right">
-					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/09/19</b></small>
+					<small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/10/01</b></small>
 				</p>
 			</div>
 			<!-- /.sidebar -->
@@ -621,7 +621,7 @@
 						<div class="text-center">
                             <h1><a href="http://www.haproxy.org/" title="HAProxy"><img src="../img/HAProxyCommunityEdition_60px.png?0.4.2-15" /></a></h1>
 							<h2>Management Guide</h2>
-							<p><strong>version 2.8.11</strong></p>
+							<p><strong>version 2.8.11-8</strong></p>
 							<p>
 								<br>
 
@@ -4971,7 +4971,7 @@ <h3 id="chapter-9.4.1" data-target="9.4.1"><small><a class="small" href="#9.4.1"
 						<br>
 						<hr>
 						<div class="text-right">
-							HAProxy 2.8.11 &ndash; Management Guide<br>
+							HAProxy 2.8.11-8 &ndash; Management Guide<br>
 							<small>, </small>
 						</div>
 					</div>