Re: set ssl ocsp-response working only if we already have an ocsp record

2017-02-08 Thread Willy Tarreau
Hi Olivier, On Mon, Jan 23, 2017 at 08:31:13PM +0100, Olivier Doucet wrote: > Hello, > > I'm actually implementing OCSP stapling on my haproxy instance. > > It seems we can update ocsp (with set ssl ocsp-response on socket) only if > a previous OCSP record exist. > > For example : > Case #1 >

Re: Start From Zero concept

2017-02-08 Thread Willy Tarreau
On Fri, Feb 03, 2017 at 01:35:02PM +0100, Dave Cottlehuber wrote: > This is exactly like Zerg http://erlangonxen.org/zerg the requirements > are that haproxy: Just reading this made me throw up. The problem is while I can to a certain extent imagine that for a demo, I already imagine that some

Re: Capturing browser TLS cipher suites

2017-02-08 Thread Willy Tarreau
Hi Olivier, On Sat, Feb 04, 2017 at 11:52:30AM +0100, Olivier Doucet wrote: > Hello, > > I'm trying to capture the cipher suites sent by browser when negotiating > the encryption level with HAProxy. > Digging into the haproxy doc, I can already find the TLS version and cipher > used (variables

Haproxy reload fails on RHEL 7.2

2017-02-08 Thread Gunuganti, Uma Maheshwar Rao
Hi, I am using haproxy 1.7.2 version and trying to use reload option which is failing in my environment with RHEL 7.2 version, same works fine in RHEL 6.8 version. Please find the logs below: Feb 8 23:38:19 localhost systemd: Reloaded SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-08 Thread Willy Tarreau
On Wed, Feb 08, 2017 at 05:55:36PM +, Jesse Schulman wrote: > Looks good to me, I applied both patches and the issue I was having with > lua remains fixed. Thank you Jesse, that's exactly what I needed. Now I've merged them. Thanks, Willy

Re: 1.8dev 405ff31e31eb1cbdc76ba0d93c6db4c7a3fd497a regression ?

2017-02-08 Thread Jarno Huuskonen
Hi Emmanuel, On Tue, Feb 07, Emmanuel Hocdet wrote: > I'm not able to reproduce this crash with current 1.8dev and openssl 1.0.2j. OK, thanks for checking. I'll try to compile openssl-1.0.2/openssl-1.1.0 and test with those to see if it's specific to openssl that comes w/centos7. Do you have

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-08 Thread Jesse Schulman
Looks good to me, I applied both patches and the issue I was having with lua remains fixed. Thanks! Jesse On Wed, Feb 8, 2017 at 2:21 AM Willy Tarreau wrote: > Hi Jesse, > > On Tue, Feb 07, 2017 at 06:37:09PM +, Jesse Schulman wrote: > > Thank you for the update, we are

RE: Haproxy loabalance with cookie

2017-02-08 Thread James Stroehmann
Try this:
backend app
    balance roundrobin
    cookie SERVERID insert indirect nocache
    server hdp01.example.local 192.168.1.100:7070 check cookie hdp01
    server hdp02.example.local 192.168.1.101:7070 check cookie hdp02
From: Hoang Le Trung [mailto:hoangletr...@orenj.com] Sent: Tuesday,

Re: Strange behavior of sample fetches in http-response replace-header option

2017-02-08 Thread Holger Just
Hi Christopher, Christopher Faulet wrote: > You did well to reopen the issue. And you're right, this bug is similar > to the one on redirect rules. I submitted a patch and it will be merged > soon by Willy (see "[PATCH] 2 fixes for replace-header rules"). Thank you for the fix! Best, Holger

Re: Strange behavior of sample fetches in http-response replace-header option

2017-02-08 Thread Christopher Faulet
Le 07/02/2017 à 16:41, Holger Just a écrit : Hi all, I just checked and the issue is still present in current master. Could you maybe have a look at this issue? It smells a bit like this could potentially be connected to the issue discussed in the thread "Lua sample fetch logging ends up in

Re: [PATCH] 2 fixes for replace-header rules

2017-02-08 Thread Willy TARREAU
On Wed, Feb 08, 2017 at 05:29:19PM +0100, Christopher Faulet wrote: > Willy, > > Here are 2 patches to fix bugs on replace-header rules. The first one is > similar to the one on redirect rules. It fixes an issue reported by > Holger Just ("Strange behavior of sample fetches in http-response >

[PATCH] 2 fixes for replace-header rules

2017-02-08 Thread Christopher Faulet
Willy, Here are 2 patches to fix bugs on replace-header rules. The first one is similar to the one on redirect rules. It fixes an issue reported by Holger Just ("Strange behavior of sample fetches in http-response replace-header option"). The second one is a trivial fix :) -- Christopher

Re: [PATCH] BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined

2017-02-08 Thread Willy Tarreau
On Wed, Feb 08, 2017 at 11:16:58AM +0100, Christopher Faulet wrote: > Hi, > > This patch fixes the bug reported by Kristjan Koppel and Brian Loss in the > thread "Gzip compression and transfer: chunked". It should be backported in > 1.7 Merged, thanks guys! Willy

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-08 Thread Willy Tarreau
Hi Jesse, On Tue, Feb 07, 2017 at 06:37:09PM +, Jesse Schulman wrote: > Thank you for the update, we are running the patch Thierry provided with > success, but we only do a lua call within the %[] almost identically to the > simple reproducer I provided. I *think* we are safe considering we

[PATCH] BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined

2017-02-08 Thread Christopher Faulet
Hi, This patch fixes the bug reported by Kristjan Koppel and Brian Loss in the thread "Gzip compression and transfer: chunked". It should be backported in 1.7 Kristjan and Brian, thanks for your help. -- Christopher Faulet From 23b39e87cce785437950552f5be0744b5768914a Mon Sep 17 00:00:00