Re: [PATCH] MINOR: Fixes the build of 1.6-dev on OSX

2015-10-09 Thread Willy Tarreau
On Wed, Oct 07, 2015 at 10:21:47AM -0700, Joseph Lynch wrote: > It appears that 5b4dd683cb introduced the htonll and ntohll functions > in standard.h, but it appears that osx already defines that in > sys/_endian.h. I've attached a patch that wraps those functions in > ifndefs. (...) Applied, tha

Re: [PATCH] MINOR: lru: do not allocate useless memory in lru64_lookup

2015-10-09 Thread Willy Tarreau
Hi Christopher, On Thu, Oct 08, 2015 at 11:57:02AM +0200, Christopher Faulet wrote: > Hi, > > lru64_lookup function was added in a previous patch of mine. This one > just removes a useless memory allocation. Applied with the text above as the commit description. In the future, please keep in min

Re: [PATCH] MINOR: http: Add OPTIONS in supported http methods (found by, find_http_meth)

2015-10-09 Thread Willy Tarreau
On Thu, Oct 08, 2015 at 02:03:19PM +0200, Christopher Faulet wrote: > Hi, > > The 'OPTIONS' method was not in the list of supported HTTP methods and > find_http_meth returns HTTP_METH_OTHER instead of HTTP_METH_OPTIONS. Wow good catch, I feel ashamed of having missed it. It was already bogus in 1

Re: Minor SSL fixes

2015-10-09 Thread Willy Tarreau
Hi Christopher, I applied the first two ones, but the last one seems to be doing a lot of stuff at the same time. It's not even clear to me whether it fixes something or improves something or does both, but the review is quite hard. Is it possible to cut it into functional parts ? In practice we a

Re: req_ssl_ver ACL not working

2015-10-09 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 12:24:11AM +0200, Lukas Tribus wrote: > > frontend https-in > > bind 0.0.0.0:443 > > mode tcp > > tcp-request inspect-delay 5s > > tcp-request content accept if { req_ssl_hello_type 1 } > > > > acl sni_jve req.ssl_sni -i jve.linuxwall.info > > acl tls12 req.payload(9,2) -m b

RE: req_ssl_ver ACL not working

2015-10-09 Thread Julien Vehent
On 2015-10-08 18:24, Lukas Tribus wrote: Are you sure your TLSv1.2 client is actually sending jve.linuxwall.info as SNI value? I suggest to remove the SNI if statement while testing the TLS ACL. Argh... I can't count the number of times forgetting -servername in openssl s_client got me looking

Re: HA-Proxy IP ranges for acl

2015-10-09 Thread Sébastien LECOMTE
Lukas, On 08/10/2015 23:47, Lukas Tribus wrote: > You really need to post the actual configuration, because we don't > have any idea what you are trying to do and how you configured it. > > But yes, 213.254.248.96/27 covers 32 IPs starting from 213.254.248.96 > until 213.254.248.127. Yes… rig

Re: Minor SSL fixes

2015-10-09 Thread Christopher Faulet
On 09/10/2015 10:27, Willy Tarreau wrote: Hi Christopher, I applied the first two ones, but the last one seems to be doing a lot of stuff at the same time. It's not even clear to me whether it fixes something or improves something or does both, but the review is quite hard. Is it possible to

Re: Minor SSL fixes

2015-10-09 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 11:59:00AM +0200, Christopher Faulet wrote: > On 09/10/2015 10:27, Willy Tarreau wrote: > >Hi Christopher, > > > >I applied the first two ones, but the last one seems to be doing > >a lot of stuff at the same time. It's not even clear to me whether > >it fixes something o

Re: HA-Proxy IP ranges for acl

2015-10-09 Thread Jarno Huuskonen
Hi, On Fri, Oct 09, Sébastien LECOMTE wrote: [...] > acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 > 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26 > 91.237.72.4 [...] > http-request allow if private_domain allowed_clients > http-request deny if privat

RE: HA-Proxy IP ranges for acl

2015-10-09 Thread Lukas Tribus
> acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 [...] This is a *string* comparison. You will have to use "req.hdr_ip" [1]: acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...] Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hd

Re: HA-Proxy IP ranges for acl

2015-10-09 Thread Sébastien LECOMTE
On 09/10/2015 12:41, Lukas Tribus wrote: > This is a *string* comparison. You will have to use "req.hdr_ip" [1]: > > acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...] Oh damned. Thanks a lot… I'll try this right now.

Re: HA-Proxy IP ranges for acl

2015-10-09 Thread Sébastien LECOMTE
On 09/10/2015 12:36, Jarno Huuskonen wrote: > Maybe req.hdr_ip would work better ? > (https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr_ip) OK. Thanks.

Re: Minor SSL fixes

2015-10-09 Thread Christopher Faulet
On 09/10/2015 12:19, Willy Tarreau wrote: On Fri, Oct 09, 2015 at 11:59:00AM +0200, Christopher Faulet wrote: On 09/10/2015 10:27, Willy Tarreau wrote: Hi Christopher, I applied the first two ones, but the last one seems to be doing a lot of stuff at the same time. It's not even clear to

Re: Minor SSL fixes

2015-10-09 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 01:46:50PM +0200, Christopher Faulet wrote: > ssl_ctx_lru_tree could be defined outside the ifdef, but it is only used > when SNI extension is available. So there is no reason to initialize it > if there is no SNI. > > Then, when SNI is available, the tree can be NULL if

Haproxy dropping request

2015-10-09 Thread Bosco Mutunga
Hi, I’m experiencing a strange issue whereby Haproxy completely hangs when it receives a certain request, I have confirmed that the request is received through the following tcpdump, but it does not appear in the haproxy logs, neither is it forwarded. 09:24:05.853373 IP (tos 0x0, ttl 58, id 62

Re: Haproxy dropping request

2015-10-09 Thread Bosco Mutunga
Those are not the actual credentials, any idea what might be wrong? > On 9 Oct 2015, at 16:40, Baptiste wrote: > > Wonderful, > > Please tell afbbank to change their password! > > Baptiste > > > On Fri, Oct 9, 2015 at 3:26 PM, Bosco Mutunga > wrote: >> Hi, >> >> I’m experiencing a s

Re: Haproxy dropping request

2015-10-09 Thread Baptiste
Wonderful, Please tell afbbank to change their password! Baptiste On Fri, Oct 9, 2015 at 3:26 PM, Bosco Mutunga wrote: > Hi, > > I’m experiencing a strange issue whereby Haproxy completely hangs when it > receives a certain request, I have confirmed that the request is received > throu

Re: Haproxy dropping request

2015-10-09 Thread Baptiste
cool :) Ok, we need configuration and log lines relative to this POST. Baptiste On Fri, Oct 9, 2015 at 3:43 PM, Bosco Mutunga wrote: > Those are not the actual credentials, any idea what might be wrong? > >> On 9 Oct 2015, at 16:40, Baptiste wrote: >> >> Wonderful, >> >> Please tell afbbank to

Re: Haproxy dropping request

2015-10-09 Thread Bosco Mutunga
Nothing appears on the logs with respect to this request > On 9 Oct 2015, at 16:59, Baptiste wrote: > > cool :) > Ok, we need configuration and log lines relative to this POST. > > Baptiste > > On Fri, Oct 9, 2015 at 3:43 PM, Bosco Mutunga > wrote: >> Those are not the actual credentials, an

RFI weekly news - The incredible Savtchenko trial, a pilot...

2015-10-09 Thread RFI L'HEBDO
RFI weekly news - 09/10/2015 View this email in your browser http://rfi.nlfrancemm.com/HM?b=5FRpeFwUC7h8nm5tw6aXwovaf6uX6GkR7VQMtcclsuuFpKSVys6vM0m21FUd7-EB&c=P8yc1pjx5AP8FjdAfiRrRw The incredible Savtchenko trial, a Ukrainian pilot tried in Russia Calls on

Re: Haproxy dropping request

2015-10-09 Thread Willy Tarreau
Hi, On Fri, Oct 09, 2015 at 01:26:37PM +, Bosco Mutunga wrote: > Hi, > > I’m experiencing a strange issue whereby Haproxy completely hangs when it > receives a certain request, I have confirmed that the request is received > through the following tcpdump, but it does not appear in the hapro

Re: HA-Proxy IP ranges for acl

2015-10-09 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 01:36:57PM +0300, Jarno Huuskonen wrote: > Hi, > > On Fri, Oct 09, Sébastien LECOMTE wrote: > [...] > > acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 > > 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26 > > 91.237.72.4 > > [...] > > >

Re: req_ssl_ver ACL not working

2015-10-09 Thread Willy Tarreau
On Fri, Oct 09, 2015 at 05:05:12AM -0400, Julien Vehent wrote: > On 2015-10-08 18:24, Lukas Tribus wrote: > >Are you sure your TLSv1.2 client is actually sending > >jve.linuxwall.info as SNI value? I suggest to remove the > >SNI if statement while testing the TLS ACL. > > Argh... I can't count the

Re: [ANNOUNCE] haproxy-1.6-dev7

2015-10-09 Thread Willy Tarreau
On Tue, Oct 06, 2015 at 02:30:30PM +0200, Pavlos Parissis wrote: > > > On 06/10/2015 12:25 , Willy Tarreau wrote: > > Hi ladies and gentlemen! > > > > Things are calming down when I'm away from the keyboard, I'll start to > > think I'm really the only one who introduces bugs! > > > > Some i

Re: FW: HAProxy

2015-10-09 Thread Willy Tarreau
Hello Cédric, On Tue, Oct 06, 2015 at 01:56:41PM +, Cédric Petter wrote: > Bonjour > > First of all, if I need to explain in English, please tell me. Yes the list is in English, but I understood your problem so I'll put out a quick summary and will respond :-) > Je suis bloqué avec HAProxy

Re: [PATCH] MINOR: lua: fix a spelling error in some error messages

2015-10-09 Thread Willy Tarreau
Hi Vincent, On Tue, Oct 06, 2015 at 04:05:59PM +0200, Vincent Bernat wrote: > From: Vincent Bernat > > "unknown" was spelled "unkown". Applied, thanks! Willy

Re: fixup use_after_free in the pat_ref_delete_by_id

2015-10-09 Thread Willy Tarreau
Hi Peter, On Wed, Oct 07, 2015 at 12:07:43AM -0700, peter cai wrote: > I found there is use_after_free bug in the pat_ref_delete_by_id. > > diff --git a/haproxy/src/pattern.c b/haproxy/src/pattern.c > index 4bd6924..0bd35a7 100644 > --- a/haproxy/src/pattern.c > +++ b/haproxy/src/pattern.c > @@ -

Re: Try request again if response body is empty?

2015-10-09 Thread Willy Tarreau
On Thu, Oct 08, 2015 at 12:27:07AM -0700, Joseph Lynch wrote: > Hi Shawn, > > I am pretty sure that HAProxy cannot retry requests themselves because > it does not know what side effects the request had. It can retry > connections but once the session is assigned it returns results or > fails. > >