Re: SNI spoofing in HAproxy?

2021-07-05 Thread Joao Morais
> On Jul 5, 2021, at 09:30, Froehlich, Dominik wrote: > > Here is my iteration of your solution: > > http-request set-var(txn.host) hdr(host),field(1,:) > acl ssl_sni_http_host_match ssl_fc_sni,strcmp(txn.host) eq 0 > http-request deny deny_status 421 if !ssl_sni_http_host_ma

Re: SNI spoofing in HAproxy?

2021-07-05 Thread Tim Düsterhus
Dominik, On 7/5/21 2:30 PM, Froehlich, Dominik wrote: I've played around with your solution a bit and I think I may have found two issues with it: - It doesn't check if the client uses SNI at all and it will deny the request if no SNI is used I always use 'strict-sni' on the bind line, so t

Re: Proposal about new default SSL log format

2021-07-05 Thread Tim Düsterhus
Remi, On 7/5/21 5:15 PM, Remi Tricot-Le Breton wrote: 1) tab separated is better for any log import tool (mixing spaces and "/" is terrible for import) I don't have any problems with that apart from inconsistency with the other default formats. If switching to tabs for this format only does no

Re: Proposal about new default SSL log format

2021-07-05 Thread Remi Tricot-Le Breton
Hello, On 02/07/2021 16:52, Илья Шипицин wrote: I worked with log formats a lot, couple of thoughts 1) tab separated is better for any log import tool (mixing spaces and "/" is terrible for import) I don't have any problems with that apart from inconsistency with the other default formats.

Re: SNI spoofing in HAproxy?

2021-07-05 Thread Froehlich, Dominik
Hi Tim, I've played around with your solution a bit and I think I may have found two issues with it: - It doesn't check if the client uses SNI at all and it will deny the request if no SNI is used - It fails if the client adds a port to the host header So to my understanding, it is perfectly f

Re: proposed enhancement to mysql-check - accept account locked/password expired errors

2021-07-05 Thread Christopher Faulet
On 7/1/21 at 7:14 AM, Daniel Black wrote: It seems users are still disturbed at creating passwordless users in mysql for mysql-check. https://discourse.haproxy.org/t/haproxy-mysql-check-user-removal/6685 I certainly understand not wanting to implement the truly ugly implementation that is the

Re: [PATCH] DOC: use CREATE USER for mysql-check

2021-07-05 Thread Christopher Faulet
On 7/1/21 at 4:09 AM, Daniel Black wrote: CREATE USER has been the standard way of creating users since MySQL-5.0 (2005). The current syntax of INSERT INTO mysql.user won't actually work on MariaDB-10.4+. Because haproxy doesn't use any resources the MySQL executable comment syntax provides r

Re: [PATCH]: BUILD/MEDIUM: set-mark openbsd support

2021-07-05 Thread Christopher Faulet
On 7/3/21 at 10:22 AM, David CARLIER wrote: Hi here a follow-up of the previous patch but this time for OpenBSD. Thanks, applied now ! -- Christopher Faulet

Re: Proposal about new default SSL log format

2021-07-05 Thread Remi Tricot-Le Breton
Hello, On 02/07/2021 16:56, Илья Шипицин wrote: also, "process name" is something that is prior knowledge. no need to log it every time (for millions of requests) This process name part does not seem to come from the log format line, it is never mentioned in the HTTP log-format string. If it

Re: Proposal about new default SSL log format

2021-07-05 Thread Remi Tricot-Le Breton
Hello Tim, On 02/07/2021 16:34, Tim Düsterhus wrote: Remi, On 7/2/21 4:26 PM, Remi Tricot-Le Breton wrote: But if anybody sees a missing information that could be beneficial for everybody, feel free to tell it, nothing is set in stone yet. […] Feel free to suggest any missing data, which cou

Re: Hey! I want to partner with you.

2021-07-05 Thread Nova Meyer
Hello, Making sure my last message reached your inbox. I know gmail can get pretty chaotic and things get lost all the time, so I was wondering how I can get back on your radar. To reiterate it, I work for Geonode , the leading unmetered residential proxy services for dev