relayd filter rewrite?
I've just rebuilt my FW as a 5.4 box, and was investigating using relayd (rather than squid) to transparently proxy for a couple of web host servers. It appears that this would be made possible by the filter rewrite mentioned at asiabsdcon 2013: http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf It looks like this was targeted for v5.4. However, I don't see the new filter syntax referenced in the 5.4 man pages, nor in current. Did the filter rewrite happen yet? And relayd chokes if I try using that syntax. If not, am I overlooking a method to proxy (or redirect) based on incoming http host header request to multiple back end web servers, or would I likely be better off sticking to squid for the time being? -sc
Re: relayd filter rewrite?
On 2014-01-10, Steven M. Caesare wrote: > If not, am I overlooking a method to proxy (or redirect) based on > incoming http host header request to multiple back end web servers That's not currently possible with relayd, it is one of the particularly useful things about the WIP filter rewrite. > or would I likely be better off sticking to squid for the time being? Squid can do it, as can Varnish, though personally in most situations I'd use nginx for that job, it's fairly light-weight, and config is flexible and not too complex.
Re: relayd filter rewrite?
Hi! On 10.01.2014, at 21:58, Steven M. Caesare wrote: > I've just rebuilt my FW as a 5.4 box, and was investigating using relayd > (rather than squid) to transparently proxy for a couple of web host > servers. > > > > It appears that this would be made possible by the filter rewrite > mentioned at asiabsdcon 2013: > > > > http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf > > > > http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf > > > > > > It looks like this was targeted for v5.4. However, I don't see the new > filter syntax referenced in the 5.4 man pages, nor in current. Did the > filter rewrite happen yet? And relayd chokes if I try using that syntax. > Sorry, the filter rewrite hasn’t been finished yet. I simply didn’t have enough time to finish it yet. At AsiaBSDCon in March 2013, I didn’t know about another project that took some of my “spare” time in 2013, but our second kid was successfully released in December 2013. Now I’m slowly having more time to work on the relayd filter rewrite again. > > > If not, am I overlooking a method to proxy (or redirect) based on > incoming http host header request to multiple back end web servers, or > would I likely be better off sticking to squid for the time being? > Unfortunately, the filter rewrite is the way to go, the current code is not capable of doing this. Reyk > > > -sc
Re: relayd filter rewrite?
> -Original Message- > From: Reyk Floeter [mailto:reyk.floe...@googlemail.com] On Behalf Of Reyk Floeter > Sent: Saturday, January 11, 2014 10:41 AM > To: Steven M. Caesare > Cc: OpenBSD general usage list > Subject: Re: relayd filter rewrite? > > Hi! > > On 10.01.2014, at 21:58, Steven M. Caesare wrote: > > > I've just rebuilt my FW as a 5.4 box, and was investigating using > > relayd (rather than squid) to transparently proxy for a couple of web > > host servers. > > > > > > > > It appears that this would be made possible by the filter rewrite > > mentioned at asiabsdcon 2013: > > > > > > > > http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf > > > > > > > > http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf > > > > > > > > > > > > It looks like this was targeted for v5.4. However, I don't see the new > > filter syntax referenced in the 5.4 man pages, nor in current. Did the > > filter rewrite happen yet? And relayd chokes if I try using that syntax. > > > > Sorry, the filter rewrite hasn't been finished yet. > > I simply didn't have enough time to finish it yet. At AsiaBSDCon in March 2013, I didn't know about another project that > took some of my "spare" time in 2013, but our second kid was successfully released in December 2013. Now I'm slowly > having more time to work on the relayd filter rewrite again. > Excellent, congratulations! The biological products can indeed be time consuming. > > > > > > If not, am I overlooking a method to proxy (or redirect) based on > > incoming http host header request to multiple back end web servers, or > > would I likely be better off sticking to squid for the time being? > > > > Unfortunately, the filter rewrite is the way to go, the current code is not capable of doing this. > > Reyk > Thanks for the response, and the excellent work on relayd... much appreciated. -sc
