Comment 0 for bug 1919468

I figured that the current latest HAProxy (2.0.13-2ubuntu0.1) for focal has a problem closing connections, even if "connection: close" is being sent, the connection is not closed afterwards. The problem does not exist if "no option http-use-htx" is set (disabling HTX). The problem only affects the HEAD-method.

Using 2.0.20 (2.0.20-1ppa1~focal, https://haproxy.debian.net/) of vbernat's Debian HAProxy repo, this works flawless with and without HTX.

I marked this as security relevant because I believe that this bug can be used for DoS, just like Slowloris, but much easier, because no effort is required to keep the connection open.

Here is a minimal (working with 2.0.20-1ppa1~focal, not working with 2.0.13-2ubuntu0.1) example cfg:

```
global
        user haproxy
        group haproxy
        daemon

frontend test
        bind *:80
        mode http
```

Here is a minimal working example cfg:
```
global
        user haproxy
        group haproxy
        daemon

frontend test
        bind *:80
        mode http
        no option http-use-htx

```

Testing can be done multiple ways:

curl will not close the connection:
```
curl -v -XHEAD http://10.0.0.1/
```

curl will close the connection:
```
curl -v -I http://10.0.0.1/
```

To exclude any curl related problems:
```
telnet 10.0.0.1 80
HEAD / HTTP/1.1
```

To summarize:

I expect to happen: Connections get closed proactively by server if "connection: close" header is sent.
This happens: Connections stay open and in CLOSE-WAIT on server.