Ah, that makes sense. If the LB is HTTP aware, you want to make sure that the app server isn't more restrictive. Didn't the LB retry the request until it ran out of retries?
These situations are somewhat dangerous because client requests will eventually cause the LB to think servers are unhealthy until the whole cluster is down. If an attacker notices this, it's an easy DoS
I felt like the appropriate way to handle "mal-formatted" requests was to drop the transport to be safe, however yeah, it was more restrictive. During my migration I added a couple more headers and it threw it over the limit.
I just use RR upstreams in nginx so it just keeps trying, but I can definitely see where that could be an issue in another configuration.
Very large tech companies still get this wrong so 🤷🏻♂️
