GSMA Mobile World Congress Americas 2017- Attendees list

[Jerry Jones]

 

 

Hi,

Hope this note finds you good

 

I understand that you are one of the Exhibitor of upcoming event "GSMA
Mobile World Congress Americas 2017" which is held on September 12th - 14th
San Francisco|USA.

 

I thought I'd check if you are interested in acquiring "GSMA Mobile World
Congress Americas 2017- Prospective Visitors List" for pre-show marketing
campaign, Appointment Setting, Networking and various Marketing initiative.

 

If you are interested, drop me a line. We will get back to you with pricing,
counts and other information for your review. 

 

Thank you and I look forward to hear from you soon!

 

Regards,

Jerry Jones | Inside Sales| 

 

"If you don't wish to receive email from us please reply back with LEAVE
OUT"

 

 

 

Re: capture.req.uri max length?

[Philip Seidel]

Thanks Willy!  That worked perfectly.

Phil

On Fri, Sep 1, 2017 at 1:12 PM, Willy Tarreau  wrote:

> Hi Philip,
>
> On Fri, Sep 01, 2017 at 09:28:50AM -0400, Philip Seidel wrote:
> > Is there a maximum length when using capture.req.uri?  It appears that
> the
> > value is truncated when approaching close to 1024 bytes.  It appears to
> be
> > 1020 from the tests I was running.  I have attempted to reduce
> > tune.maxrewrite to 1024 since tune.bufsize is 16k; however, it appears
> that
> > this doesn't have any impact.  Are there some other settings that need to
> > be adjusted to ensure that the value is not truncated?
>
> It was made configurable very recently in 1.8-dev but it's not backported.
> Instead you may apply the other solution documented in the commit message :
>
>   commit 23e9e931284b44e9d06cca26ab13648873b4029b
>   Author: Stéphane Cottin 
>   Date:   Thu May 18 08:58:41 2017 +0200
>
> MINOR: log: Add logurilen tunable.
>
> The default len of request uri in log messages is 1024. In some use
> cases, you need to keep the long trail of GET parameters. The only
> way to increase this len is to recompile with DEFINE=-DREQURI_LEN=2048.
>
> This commit introduces a tune.http.logurilen configuration directive,
> allowing to tune this at runtime.
>
> Hoping this helps,
> Willy
>

RE: Enable SSL Forward Secrecy

[Rachel Davis]

Hi,

I recently started receiving the emails for jgronow...@ditronics.com, can you 
please remove this name from whatever list this is?

Regards,

Rachel Davis
IT Help Desk

7699 W. Post Road
Las Vegas, NV  89113
Mobile: 702.600.0472
Customer Service: 800.845.3065
Website:  www.ditronics.com

-Original Message-
From: Willy Tarreau [mailto:w...@1wt.eu]
Sent: Friday, September 1, 2017 10:55 AM
To: Daniel Schneller 
Cc: Lukas Tribus ; Julian Zielke 
; Cyril Bonté ; 
haproxy+h...@formilux.org 
Subject: Re: Enable SSL Forward Secrecy

On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
>
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.

Cool, thanks Daniel, now applied.

Willy



Ditronics, LLC email disclaimer:
This communication, including attachments, is intended only for the exclusive 
use of addressee and may contain proprietary, confidential, or privileged 
information. Any use, review, duplication, disclosure, dissemination, or 
distribution is strictly prohibited. If you were not the intended recipient, 
you have received this communication in error. Please notify sender immediately 
by return e-mail, delete this communication, and destroy any copies.

Re: Enable SSL Forward Secrecy

[Willy Tarreau]

On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
> 
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.

Cool, thanks Daniel, now applied.

Willy

Re: Enable SSL Forward Secrecy

[Daniel Schneller]

Hi,inspired by this, I added a paragraph with links to the documentation.Small patch attached.Cheers,Daniel

0001-DOC-Refer-to-Mozilla-TLS-info-config-generator.patch
Description: Binary data

-- Daniel SchnellerPrincipal Cloud Engineer CenterDevice GmbH                  | Hochstraße 11                                   | 42697 Solingentel: +49 1754155711                | Deutschlanddaniel.schnel...@centerdevice.de   | www.centerdevice.deGeschäftsführung: Dr. Patrick Peschlow, Dr. Lukas Pustina,Michael Rosbach, Handelsregister-Nr.: HRB 18655,HR-Gericht: Bonn, USt-IdNr.: DE-815299431

On 1. Sep. 2017, at 19:05, Willy Tarreau  wrote:On Fri, Sep 01, 2017 at 07:04:36PM +0200, Willy Tarreau wrote:Hi Cyril,s/Cyril/Lukas, sorry guys, that's what happens when I read one e-mailand reply to another one at the same time :-)Willy

[PATCH] DOC: Add note about "* " prefix in CSV stats

[Daniel Schneller]

Just a little documentation patch I wrote, after stumbling across this:https://github.com/dschneller/bosun/commit/6ca776dd6543d123a135b4a84a5e3e66093c3986

0001-DOC-Add-note-about-prefix-in-CSV-stats.patch
Description: Binary data
Cheers,Daniel
-- Daniel SchnellerPrincipal Cloud Engineer CenterDevice GmbH                  | Hochstraße 11                                   | 42697 Solingentel: +49 1754155711                | Deutschlanddaniel.schnel...@centerdevice.de   | www.centerdevice.deGeschäftsführung: Dr. Patrick Peschlow, Dr. Lukas Pustina,Michael Rosbach, Handelsregister-Nr.: HRB 18655,HR-Gericht: Bonn, USt-IdNr.: DE-815299431

Re: Is there a way to extract list of bound IPs via stats socket ?

[Mariusz Gronczewski]

On Fri, 1 Sep 2017 17:49:38 +0200, Lukas Tribus  wrote:

> Hello,
>
>
> Am 01.09.2017 um 15:46 schrieb Mariusz Gronczewski:
> > Hi,
> >
> > I've been working on a piece of code to announce IPs (via ExaBGP) only if:
> >
> > * HAProxy is running
> > * HAProxy actually uses a given IP
> > * a frontend with given IP is up for few seconds.
> >
> > I could do that via lsof but that's pretty processor-intensive.
>
> Not sure about the stats or admin socket, but why not use ss instead?
>
> Something like:
> sudo ss -tln  '( sport = :80 or sport = :443 )'
>
> add "-p" if you need the PID.
>
> Should perform well enough.
>
Huh, interesting.

I just assumed it will be similiar speed no matter which tool I use to get that 
info but ss does that < 100 ms while lsof and netstat take ages:

time lsof -iTCP -sTCP:LISTEN >/dev/null

real0m13.460s
user0m0.201s
sys 0m12.897s

time netstat -l -n -t >/dev/null

real0m43.439s
user0m0.190s
sys 0m42.395s

time  ss -tln  '( sport = :80 or sport = :443 )' >/dev/null

real0m0.032s
user0m0.000s
sys 0m0.032s


Now I know why netstat is getting replaced instead of "just" fixed... thanks.


--
Mariusz Gronczewski, Administrator

Efigence S. A.
ul. Wołoska 9a, 02-583 Warszawa
T: [+48] 22 380 13 13
F: [+48] 22 380 13 14
E: mariusz.gronczew...@efigence.com 

Re: capture.req.uri max length?

[Willy Tarreau]

Hi Philip,

On Fri, Sep 01, 2017 at 09:28:50AM -0400, Philip Seidel wrote:
> Is there a maximum length when using capture.req.uri?  It appears that the
> value is truncated when approaching close to 1024 bytes.  It appears to be
> 1020 from the tests I was running.  I have attempted to reduce
> tune.maxrewrite to 1024 since tune.bufsize is 16k; however, it appears that
> this doesn't have any impact.  Are there some other settings that need to
> be adjusted to ensure that the value is not truncated?

It was made configurable very recently in 1.8-dev but it's not backported.
Instead you may apply the other solution documented in the commit message :

  commit 23e9e931284b44e9d06cca26ab13648873b4029b
  Author: Stéphane Cottin 
  Date:   Thu May 18 08:58:41 2017 +0200

MINOR: log: Add logurilen tunable.

The default len of request uri in log messages is 1024. In some use
cases, you need to keep the long trail of GET parameters. The only
way to increase this len is to recompile with DEFINE=-DREQURI_LEN=2048.

This commit introduces a tune.http.logurilen configuration directive,
allowing to tune this at runtime.

Hoping this helps,
Willy

Re: Is there a way to extract list of bound IPs via stats socket ?

[Willy Tarreau]

On Fri, Sep 01, 2017 at 05:49:38PM +0200, Lukas Tribus wrote:
> Hello,
> 
> 
> Am 01.09.2017 um 15:46 schrieb Mariusz Gronczewski:
> > Hi,
> >
> > I've been working on a piece of code to announce IPs (via ExaBGP) only if:
> >
> > * HAProxy is running
> > * HAProxy actually uses a given IP
> > * a frontend with given IP is up for few seconds.
> >
> > I could do that via lsof but that's pretty processor-intensive. 
> 
> Not sure about the stats or admin socket, but why not use ss instead?
> 
> Something like:
> sudo ss -tln  '( sport = :80 or sport = :443 )'
> 
> add "-p" if you need the PID.
> 
> Should perform well enough.

I think it would not be too hard to add this feature to the CLI. We already
have "show cli socket" which lists the listening stats sockets. We could
reuse this code to list all listening sockets and not the just stats ones.
Maybe "show listeners [optional frontend]" or something like this ?

Just my two cents,
Willy

Re: Enable SSL Forward Secrecy

[Willy Tarreau]

On Fri, Sep 01, 2017 at 07:04:36PM +0200, Willy Tarreau wrote:
> Hi Cyril,

s/Cyril/Lukas, sorry guys, that's what happens when I read one e-mail
and reply to another one at the same time :-)

Willy

Re: Enable SSL Forward Secrecy

[Willy Tarreau]

Hi Cyril,

On Wed, Aug 30, 2017 at 06:55:07PM +0200, Lukas Tribus wrote:
> Hello,
> 
> 
> > Hehe yikes! This was it. It's normal that someone get's lost in all
> > this cipher crap and it should be written in the HaProxy manual as
> > an important step on how to harden security.
> 
> Its not a good idea to suggest specific cipher settings in the manual, as
> the situation may change faster than we are able to update it; especially
> considering lack of backports to packages in distro repositories.
> 
> Instead I would suggest to take the advice of trusted sources (as opposed
> to random blog posts) like Mozilla:
> 
> https://wiki.mozilla.org/Security/Server_Side_TLS
> https://mozilla.github.io/server-side-tls/ssl-config-generator/

I totally agree with you on this, and I think the best solution would be
to put a few such trustable links in the doc so that users directly find
the information from reliable sources.

Willy

Re: [PATCH] MINOR DOC: Improve CLI info on privilege levels

[Willy Tarreau]

Hi Olivier,

On Thu, Aug 31, 2017 at 11:18:24AM +0200, Olivier Doucet wrote:
> Hello all,
> 
> I was experimenting some CLI actions like "disable server" and get error
> "Permission denied". I did not find easily why in HAProxy doc (I was in a
> hurry, so did not read well, I admit).
> This was because of the "level" on the socket bind line not high enough.
> 
> Attached is a patch to the doc to add a small paragraph explaining that
> some CLI actions require higher level of privileges. This is very well
> explained in the configuration manual, but CLI options are explained in the
> management tutorial, that's why I did not find what I was looking for at
> first sight.
> 
> If you have better phrasing, feel free to comment me :)
> 
> @willy: I hope patch is formatted correctly this time ;)

Yep it is, thanks, I've just applied it.
Willy

Re: [PATCH] MINOR: ssl: remove duplicate ssl_methods in struct bind_conf

[Emeric Brun]

Hi Manu,

On 09/01/2017 05:56 PM, Emmanuel Hocdet wrote:
> 
> Hi Willy, Emeric
> 
> Can you consider it?
> 
> ++
> Manu
> 
>> Le 9 août 2017 à 19:07, Emmanuel Hocdet  a écrit :
>>
>> Hi Willy,
>>
>> Patch is not related to openssl version x. It’s a internal structure cleanup.
>> I don’t label it as CLEANUP because it remove a potential source of errors 
>> (this is debatable).
>> If you can consider it.
>>
>> Thanks.
>> Manu
>>
>>
>> <0001-MINOR-ssl-remove-duplicate-ssl_methods-in-struct-bin.patch>
>>
> 

I will take a look on monday


R,
Emeric

Re: [PATCH] MINOR: ssl: remove duplicate ssl_methods in struct bind_conf

[Willy Tarreau]

Hi Manu,

On Fri, Sep 01, 2017 at 05:56:10PM +0200, Emmanuel Hocdet wrote:
> 
> Hi Willy, Emeric
> 
> Can you consider it?

I guess I was waiting for Emeric's return from vacation then forgot.
We'll discuss it on monday if I don't get news till then.

Thanks for the reminder!
Willy

[PATCH] MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use

[Emmanuel Hocdet]

Hi Thierry,

This patch is related to « Capturing browser TLS cipher suites » thread.
I think it will be match the initial need but without internal ssl structure 
usage and.
work with openssl 1.0.2 to 1.1.1 and boringssl.

++
Manu




0001-MINOR-ssl-rework-smp_fetch_ssl_fc_cl_str-without-int.patch
Description: Binary data

Re: [PATCH] MINOR: ssl: remove duplicate ssl_methods in struct bind_conf

[Emmanuel Hocdet]

Hi Willy, Emeric

Can you consider it?

++
Manu

> Le 9 août 2017 à 19:07, Emmanuel Hocdet  a écrit :
> 
> Hi Willy,
> 
> Patch is not related to openssl version x. It’s a internal structure cleanup.
> I don’t label it as CLEANUP because it remove a potential source of errors 
> (this is debatable).
> If you can consider it.
> 
> Thanks.
> Manu
> 
> 
> <0001-MINOR-ssl-remove-duplicate-ssl_methods-in-struct-bin.patch>
> 

Re: Is there a way to extract list of bound IPs via stats socket ?

[Lukas Tribus]

Hello,


Am 01.09.2017 um 15:46 schrieb Mariusz Gronczewski:
> Hi,
>
> I've been working on a piece of code to announce IPs (via ExaBGP) only if:
>
> * HAProxy is running
> * HAProxy actually uses a given IP
> * a frontend with given IP is up for few seconds.
>
> I could do that via lsof but that's pretty processor-intensive. 

Not sure about the stats or admin socket, but why not use ss instead?

Something like:
sudo ss -tln  '( sport = :80 or sport = :443 )'

add "-p" if you need the PID.

Should perform well enough.



Regards,
Lukas

Is there a way to extract list of bound IPs via stats socket ?

[Mariusz Gronczewski]

Hi,

I've been working on a piece of code to announce IPs (via ExaBGP) only if:

* HAProxy is running
* HAProxy actually uses a given IP
* a frontend with given IP is up for few seconds.

I could do that via lsof but that's pretty processor-intensive. Is there a way 
to extract list of binded IPs (or, running config) via stats socket ? I found a 
way to do that with backend server IPs but I can't seem to find a way to do it 
for frontends.

Cheers, Mariusz
--
Mariusz Gronczewski, Administrator

Efigence S. A.
ul. Wołoska 9a, 02-583 Warszawa
T: [+48] 22 380 13 13
F: [+48] 22 380 13 14
E: mariusz.gronczew...@efigence.com 

capture.req.uri max length?

[Philip Seidel]

Is there a maximum length when using capture.req.uri?  It appears that the
value is truncated when approaching close to 1024 bytes.  It appears to be
1020 from the tests I was running.  I have attempted to reduce
tune.maxrewrite to 1024 since tune.bufsize is 16k; however, it appears that
this doesn't have any impact.  Are there some other settings that need to
be adjusted to ensure that the value is not truncated?

Thanks,

Phil