Re: HAProxy 1.7.5: conn_cur value problem with peer stick-table

2017-05-26 Thread Willy Tarreau
Hi Maxime, On Fri, May 19, 2017 at 02:28:40PM +0200, Maxime Guillet wrote: > 2/ If I launch the same test on both haproxy servers and peers > configuration activated, I can see the conn_cur counter always increasing > > $ ab -n 2000 -c 20 http://10.0.0.2/ > $ ab -n 2000 -c 20 http://10.0.0.3/

Re: Graceful shutdown of haproxy

2017-05-26 Thread Willy Tarreau
On Mon, May 22, 2017 at 12:23:31PM -0700, Gold Star wrote: > Thanks for pointing out the obvious flaw Maciej. > > Is it possible to modify option #2 (Lua-script powered endpoint) to define > a read-write endpoint where read endpoint (HTTP GET) returns the health > status while the write endpoint (

Re: RFC: ipv6mask converter

2017-05-26 Thread Willy Tarreau
Hi Jarno, On Sun, May 21, 2017 at 07:49:00PM +0300, Jarno Huuskonen wrote: > Hi, > > I noticed that ipv6 version of ipmask() converter is missing? > > I'm attaching an example implementation for ipv6mask (incomplete: > missing at least documentation / lua) for comments. > > Maybe instead of ju

Re: haproxy does not capture the complete request header host sometimes

2017-05-26 Thread Willy Tarreau
On Tue, May 23, 2017 at 10:13:40AM +0200, Aleksandar Lazic wrote: > Hi siclesang. > > siclesang has written on Mon, 22 May 2017 11:11:31 +0800 (CST): > > > hi > > I have a problem: haproxy does not capture the complete request > > header host sometimes > > Which header do you miss? > How long

Re: New feature proposal: Add support for decompressing proxyed gziped requests

2017-05-26 Thread Willy Tarreau
Hi, On Fri, May 26, 2017 at 06:57:14PM +0200, Aleksandar Lazic wrote: > Hi Vasileios Kyrillidis. > > Vasileios Kyrillidis has > written on Fri, 26 May 2017 16:17:48 +0200: > > > Hi Aleksandar, > > > > No patches yet. We wanted confirmation that it has a chance of > > getting merged before spe

Re: [PATCH] MINOR: boringssl: basic support for OCSP Stapling

2017-05-26 Thread Willy Tarreau
Hi Manu, On Mon, May 22, 2017 at 03:01:56PM +0200, Emmanuel Hocdet wrote: > Hi Emeric, > > > On 22 May 2017 at 14:21, Emeric Brun wrote: > > On 03/29/2017 04:46 PM, Emmanuel Hocdet wrote: > >> > >> Use boringssl SSL_CTX_set_ocsp_response to set OCSP response from file with > >> '.ocsp' extens

Re: Deny with 413 request too large

2017-05-26 Thread Willy Tarreau
On Mon, May 22, 2017 at 07:08:13PM -0300, Joao Morais wrote: > > > On 17 May 2017, at 19:34, Bryan Talbot > > wrote: > > > > > >> On May 15, 2017, at May 15, 6:35 PM, Joao Morais > >> wrote: > >> > >> errorfile 413 /usr/local/etc/haproxy/errors/413.http > >> http-request den

Re: [PATCH] MEDIUM: ssl: disable SSLv3 per default for bind

2017-05-26 Thread Willy Tarreau
On Thu, May 25, 2017 at 06:36:32PM +0200, Lukas Tribus wrote: > Hello, > > > On 23.05.2017 at 17:17, Emmanuel Hocdet wrote: > > Hi, > > > > I think it's time to disable SSLv3 on bind line per default. > > All configurations should have no-sslv3 (or use a ssllib without sslv3). > > SSLv3 can be

Re: haproxy 1.7.5 segfault on cookie/header parsing.

2017-05-26 Thread Willy Tarreau
Hello Jean, On Fri, May 26, 2017 at 01:00:17PM +, Jean LUBATTI wrote: > Hello, > > When using a vulnerability scanner on haproxy 1.7.5, we discovered a scenario > under which the haproxy segfaults. > > Unfortunately, this is a "bundled" scanner with no access to the exact > requests, and th

Re: OpenSSL engine and async support

2017-05-26 Thread Willy Tarreau
Hi Emeric, Grant, patch set now merged! Thank you both for this great work! Willy

Re: [RFC][PATCHES] seamless reload

2017-05-26 Thread Willy Tarreau
Hi William, On Sat, May 27, 2017 at 12:08:38AM +0200, William Lallemand wrote: > The attached patches provide the "expose-fd listeners" stats socket option and > remove the "no-unused-socket" global option. > > It behaves exactly as Willy explained above minus the master process :-) > > ps: Maste

Re: [RFC][PATCHES] seamless reload

2017-05-26 Thread William Lallemand
Hi guys, On Fri, May 12, 2017 at 04:26:01PM +0200, Willy Tarreau wrote: > In fact William is currently working on the master-worker model to get rid > of the systemd-wrapper and found some corner cases between this and your > patchset. Nothing particularly difficult, just the fact that he'll need

Re: New feature proposal: Add support for decompressing proxyed gziped requests

2017-05-26 Thread Aleksandar Lazic
Hi Vasileios Kyrillidis. Vasileios Kyrillidis has written on Fri, 26 May 2017 16:17:48 +0200: > Hi Aleksandar, > > No patches yet. We wanted confirmation that it has a chance of > getting merged before spending the time implementing. We have other > solutions that we could pursue instead. > >

Re: New feature proposal: Add support for decompressing proxyed gziped requests

2017-05-26 Thread Vasileios Kyrillidis
Hi Aleksandar, No patches yet. We wanted confirmation that it has a chance of getting merged before spending the time implementing. We have other solutions that we could pursue instead. If merging looks promising we will start working on patches. Cheers, Vasilis On 24/05/17 23:08, Aleksanda

haproxy 1.7.5 segfault on cookie/header parsing.

2017-05-26 Thread Jean LUBATTI
Hello, When using a vulnerability scanner on haproxy 1.7.5, we discovered a scenario under which the haproxy segfaults. Unfortunately, this is a "bundled" scanner with no access to the exact requests, and the haproxy terminates the SSL for https, so not easy to capture the actual traffic, but