Re: Disable client keep-alive using ACL

2020-11-18 Thread John Lauro
A couple of possible options... You could use tcp-request inspect-delay to delay the response a number of seconds (and accept it quick if legitimate traffic). You could use redirects which will have the clients do more requests (Possibly with the inspect delays). That said, it would be useful to

Re: [PATCH] simplify openssl async detection

2020-11-18 Thread Илья Шипицин
ping :) ? сб, 14 нояб. 2020 г. в 02:04, Илья Шипицин : > Hi. > > next define improvement. > > Ilya >

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Tim Düsterhus
Maciej, Am 18.11.20 um 18:48 schrieb Maciej Zdeb: > Tim thanks for the hint! You're welcome. > Aleksandar I’ll do my best, however I’m still learning HAProxy internals > and refreshing my C skills after very long break. ;) First, I’ll try to > deliver something simple like „-m beg” and after

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Maciej Zdeb
Tim thanks for the hint! Aleksandar I’ll do my best, however I’m still learning HAProxy internals and refreshing my C skills after very long break. ;) First, I’ll try to deliver something simple like „-m beg” and after review from the team we’ll see. If someone is in hurry with this issue and

Re: Logging mTLS handshake errors

2020-11-18 Thread Lukas Tribus
Hello Dominik, On Wed, 18 Nov 2020 at 15:06, Froehlich, Dominik wrote: > > Hi everyone, > > > > Some of our customers are using mTLS to authenticate clients. There have been > complaints that some certificates don’t work > > but we don’t know why. To shed some light on the matter, I’ve tried

Re: [PATCH v5 0/2] add set server ssl command

2020-11-18 Thread William Lallemand
On Sat, Nov 14, 2020 at 07:25:31PM +0100, William Dauchy wrote: > Hello, > > This patchset is an attempt to add a new command for configure ssl on > server at runtime: > > - the first patch is a simple preparation work > - the second one is adding the new command. Now that I understand how >

Content Partnership

2020-11-18 Thread Tegan Johnson
Hi, I’m Tegan Johnson from Nightfall , the industry's first cloud-native data loss prevention platform. Effective data security is critical in today’s businesses. Our team helps organizations from various industries such as healthcare, education, technology, or finance

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Tim Düsterhus
Maciej, Am 18.11.20 um 14:22 schrieb Maciej Zdeb: > I've found an earlier discussion about replacing reqidel (and others) in > 2.x: https://www.mail-archive.com/haproxy@formilux.org/msg36321.html > > So basically we're lacking: > http-request del-header x-private- -m beg > http-request

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Aleksandar Lazic
Hi Maciej. On 18.11.20 14:22, Maciej Zdeb wrote: I've found an earlier discussion about replacing reqidel (and others) in 2.x: https://www.mail-archive.com/haproxy@formilux.org/msg36321.html So basically we're lacking: http-request del-header x-private-  -m beg http-request del-header

Logging mTLS handshake errors

2020-11-18 Thread Froehlich, Dominik
Hi everyone, Some of our customers are using mTLS to authenticate clients. There have been complaints that some certificates don’t work but we don’t know why. To shed some light on the matter, I’ve tried to add more info to our log format regarding TLS validation: log-format "%ci:%cp [%tr]

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Maciej Zdeb
I've found an earlier discussion about replacing reqidel (and others) in 2.x: https://www.mail-archive.com/haproxy@formilux.org/msg36321.html So basically we're lacking: http-request del-header x-private- -m beg http-request del-header x-.*company -m reg http-request del-header -tracea -m

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Maciej Zdeb
Sure, the biggest problem is to delete header by matching prefix: load_blacklist = function(service) local prefix = '/etc/haproxy/configs/maps/header_blacklist' local blacklist = {} blacklist.req = {} blacklist.res = {} blacklist.req.str =

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Julien Pivotto
On 18 Nov 12:33, Maciej Zdeb wrote: > Hi again, > > So "# some headers manipulation, nothing different then on other clusters" > was the important factor in config. Under this comment I've hidden from you > one of our LUA scripts that is doing header manipulation like deleting all > headers from

Re : haproxy.org : Budget-Friendly SEO Packages..

2020-11-18 Thread Mary Hernandez
Hi *haproxy.org *Owner I want to reach out to you to learn whether you are in need of "SEO / Digital Marketing / website development / maintenance / re-design / user experience mapping services" for your *haproxy.org *. I would like to offer you our

De netdev.nl gaat in de aanbieding

2020-11-18 Thread Luise Mol
Geachte heer of mevrouw, Ik verkoop de DomeinNaam netdev.nl. Is dat interessant voor U? Met vriendelijke groeten, Luise Mol

Re: Disable client keep-alive using ACL

2020-11-18 Thread Tim Düsterhus , WoltLab GmbH
Lukas, Am 17.11.20 um 17:37 schrieb Lukas Tribus: >>> is it possible to reliably disable client keep-alive on demand based on >>> the result of an ACL? >>> >>> I was successful for HTTP/1 requests by using: >>> >>> http-after-response set-header connection close if foo >>> >>> But apparently that