Deny with 413 request too large

2017-05-15 Thread Joao Morais
Hello list, I need to configure HAProxy to deny the request with 413 based on the value of the content-length header. This is my actual configuration: errorfile 400 /usr/local/etc/haproxy/errors/413.http http-request deny deny_status 400 if { req.body_size gt 10485760 } This is working

HAProxy Page Element Request Times Slowly Increase

2017-05-15 Thread Caleb Anthony
Hello All, I've got a strange issue with our deployment of HAProxy 1.6 where a user will make a request to a page, and as each page element comes in, the time taken shown on each file downloaded in the IE developer tools increases by a factor of 3, until finally the user is prompted for

Re: haproxy "inter" and "timeout check", retries and "fall"

2017-05-15 Thread Bryan Talbot
> On May 13, 2017, at May 13, 10:59 PM, Jiafan Zhou > wrote: > > > Hi all, > > The version of haproxy I use is: > > # haproxy -version > HA-Proxy version 1.5.2 2014/07/12 > Copyright 2000-2014 Willy Tarreau This version is so

Re: OpenSSL engine and async support

2017-05-15 Thread Grant Zhang
> On May 15, 2017, at 03:14, Emeric Brun wrote: > > What does it look like? New patches attached. > > The issue is very similar: > https://mta.openssl.org/pipermail/openssl-dev/2016-March/005909.html Interesting. yeah, it looks similar. Regards, Grant

Re: OpenSSL engine and async support

2017-05-15 Thread Emeric Brun
Hi Grant, On 05/15/2017 12:14 PM, Emeric Brun wrote: > On 05/13/2017 01:14 AM, Grant Zhang wrote: >> >>> On May 10, 2017, at 04:51, Emeric Brun wrote: >>> It looks like the main process stalls at DH_free(local_dh_1024) (part of __ssl_sock_deinit). Not sure why but I

Re: OpenSSL engine and async support

2017-05-15 Thread Emeric Brun
On 05/13/2017 01:14 AM, Grant Zhang wrote: > >> On May 10, 2017, at 04:51, Emeric Brun wrote: >> >>> It looks like the main process stalls at DH_free(local_dh_1024) (part of >>> __ssl_sock_deinit). Not sure why but I will debug and report back. >>> >>> Thanks, >> >> I

Re: Automatic Certificate Switching Idea

2017-05-15 Thread Daniel Schneller
> > That's perfect! Your feedback and possible trouble in doing this will > also definitely help! > Oh, if experience tells me one thing, no matter how “straightforward” this may look, there _will_ be trouble ;-) Cheers Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice

Re: haproxy + RDP

2017-05-15 Thread Antonio Trujillo Carmona
El 12/05/17 a las 11:55, Aleksandar Lazic escribió: > Hi Antonio Trujillo Carmona. > > Antonio Trujillo Carmona have written on Fri, 12 May 2017 10:23:59 > +0200: > >> El 11/05/17 a las 15:06, Aleksandar Lazic escribió: >>> .../ >>> How about to activate the 'option tcp-check' as mentioned in the