Re: Haproxy 1.5.4 unable to accept new TCP request, backlog full, tens of thousands close_wait connection

2017-04-27 Thread jaseywang
Hi, after several days debug, no obvious issue found, and we turn on the strace, here is the log of cdn on and cdn off strace file: cdn on: https://www.dropbox.com/s/rk1xlvvvh9wmwa3/cdn.log?dl=0 cdn off: https://www.dropbox.com/s/x156aqexlmg4352/no-cdn.log?dl=0 For these debug files, we haven't f

Re: ModSecurity: First integration patches

2017-04-27 Thread Thierry Fournier
> On 27 Apr 2017, at 18:53, Aleksandar Lazic wrote: > > Hi Willy. > > Am 27-04-2017 12:05, schrieb Willy Tarreau: >> Hi Thierry, >> On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: >>> Hi, >>> After a quick private brainstorm, Willy propose to me a new binary encoding >>> for t

Lua Applet Unable to Add Connection: close Header

2017-04-27 Thread Philip Seidel
It appears that the `Connection: close` header is stripped from the HTTP response when using the AppletHTTP Lua class. Is there a way add this response header using this applet? Example Lua: -- send a synthetic http response function send_http_response(applet) local content = 'Missing Connecti

Re: ModSecurity: First integration patches

2017-04-27 Thread Aleksandar Lazic
Hi Willy. Am 27-04-2017 12:05, schrieb Willy Tarreau: Hi Thierry, On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: Hi, After a quick private brainstorm, Willy propose to me a new binary encoding for the headers. It is useless to give the numbers of headers contained in the

Re: http-request auth realm bug

2017-04-27 Thread Aleksandar Lazic
Hi Stefan. Am 27-04-2017 16:57, schrieb Stefan S: Hi, I am using HAProxy 1.7 and I noticed that when I use http-request auth WITHOUT a "realm" parameter, HAProxy will send a realm in the HTTP header with the realm being the name of the frontend where the auth is defined. From the documentat

http-request auth realm bug

2017-04-27 Thread Stefan S
Hi, I am using HAProxy 1.7 and I noticed that when I use http-request auth without a "realm" parameter, HAProxy will send a realm in the HTTP header with the realm being the name of the frontend where the auth is defined. From the documentation it sound like it would not send a realm unless th

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Frederic Lecaille
On 04/27/2017 03:20 PM, Frederic Lecaille wrote: On 04/27/2017 02:56 PM, Baptiste wrote: On Thu, Apr 27, 2017 at 2:44 PM, Frederic Lecaille mailto:flecai...@haproxy.com>> wrote: On 04/27/2017 12:43 PM, Baptiste wrote: On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Frederic Lecaille
On 04/27/2017 02:56 PM, Baptiste wrote: On Thu, Apr 27, 2017 at 2:44 PM, Frederic Lecaille mailto:flecai...@haproxy.com>> wrote: On 04/27/2017 12:43 PM, Baptiste wrote: On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille mailto:flecai...@haproxy.com>

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Baptiste
On Thu, Apr 27, 2017 at 2:44 PM, Frederic Lecaille wrote: > On 04/27/2017 12:43 PM, Baptiste wrote: > >> >> >> On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille >> mailto:flecai...@haproxy.com>> wrote: >> >> On 04/27/2017 10:47 AM, Frederic Lecaille wrote: >> >> Hello HAProxy ML, >>

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Frederic Lecaille
On 04/27/2017 12:43 PM, Baptiste wrote: On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille mailto:flecai...@haproxy.com>> wrote: On 04/27/2017 10:47 AM, Frederic Lecaille wrote: Hello HAProxy ML, Please find attached to this mail a patch proposal which allows ser

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Baptiste
On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille wrote: > On 04/27/2017 10:47 AM, Frederic Lecaille wrote: > >> Hello HAProxy ML, >> >> Please find attached to this mail a patch proposal which allows >> server FQDNs changes from stats socket. >> >> These FQDNs are also added to server-state fi

Re: ModSecurity: First integration patches

2017-04-27 Thread Willy Tarreau
Hi Thierry, On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: > Hi, > > After a quick private brainstorm, Willy propose to me a new binary encoding > for the headers. It is useless to give the numbers of headers contained in > the block, so the end of headers is marked by an empty

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Frederic Lecaille
On 04/27/2017 10:47 AM, Frederic Lecaille wrote: Hello HAProxy ML, Please find attached to this mail a patch proposal which allows server FQDNs changes from stats socket. These FQDNs are also added to server-state file. Regards, Fred. A new version of this patch which fixes a memleak (serve

server FQDN changes from stats socket + server-state file

2017-04-27 Thread Frederic Lecaille
Hello HAProxy ML, Please find attached to this mail a patch proposal which allows server FQDNs changes from stats socket. These FQDNs are also added to server-state file. Regards, Fred. >From f9c1001175d406a15414e893f11d6120cf22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=2

Re: Logging ACL activity

2017-04-27 Thread Ricardo Fraile
Hello, I fallen into a similar requirement to the commented in these mails a few years ago. As the right solution still is the use of any alternative workaround, I add my 2 cents to the already been said. For deny rules, the normal solution is: frontend acl rule_user-agent hdr