Now a Working Patchset (was: Re: Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature)

without success just because I'm a little bit out of training with C, any help to fix this is very welcome. * My test setup is shown in examples/upstream-proxy.cfg. Best regards Alex [0]https://www.rfc-editor.org/rfc/rfc9110#name-connect On 2024-05-31 (Fr.) 12:08, Aleksandar Lazic wrote: Hi.

Re: Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi. Anyone who have some Ideas how to fix the return way? Regards Alex On 2024-05-27 (Mo.) 09:12, Aleksandar Lazic wrote: Hi. I have done some progress with the feature :-) The test setup runs in 4 shells. # shell1: curl -vk --connect-to www.test1.com:4433:127.0.0.1:8080 -H "

Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature (was: Re: Maybe stupid question but can HAProxy now use a upstream proxy)

Have anyone an Idea what's wrong? Maybe it's too late for 3.0 but it would be nice to have this feature in 3.1 :-) Regards Alex On 2024-05-24 (Fr.) 00:08, Aleksandar Lazic wrote: Hi. I have seen https://github.com/haproxy/haproxy/issues/1542 which requests that feature. Now I have tried

Re: Maybe stupid question but can HAProxy now use a upstream proxy

x On 2024-05-23 (Do.) 22:32, Aleksandar Lazic wrote: Hi. I follow the development more or less closely and I must say I not always understand all changes :-). Just for my clarification is the following setup now possible with HAProxy with all the new shiny features  :-)

Maybe stupid question but can HAProxy now use a upstream proxy

Hi. I follow the development more or less closely and I must say I not always understand all changes :-). Just for my clarification is the following setup now possible with HAProxy with all the new shiny features :-) client => frontend | \-> backend server

Re: FCGI calls return 500 with "IH" Stream State

On 2024-05-16 (Do.) 17:05, Aleksandar Lazic wrote: Hi. I have a strange behavior with HAProxy and FCGI PHP App. When I call an admin URL returns HAProxy a 500, after a refresh of the same page returns the HAProxy 200. ``` 10.128.2.35:39684 [16/May/2024:14:54:26.229] craft-cms fcgi-servers/craftcms1

FCGI calls return 500 with "IH" Stream State

Hi. I have a strange behavior with HAProxy and FCGI PHP App. When I call an admin URL returns HAProxy a 500, after a refresh of the same page returns the HAProxy 200. ``` 10.128.2.35:39684 [16/May/2024:14:54:26.229] craft-cms fcgi-servers/craftcms1 0/0/0/-1/1138 500 15416 - - IH-- 2/2/0/0/0

Re: Question on deleting cookies from an HTTP request

Hi Lokesh. On 2024-04-27 (Sa.) 01:41, Lokesh Jindal wrote: Hey folks I have found that there is no operator "del-cookie" in HAProxy to delete cookies from the request. (HAProxy does support the operator "del-header"). Can you explain why such an operator is not supported? Is it due to

Update for https://github.com/haproxy/wiki/wiki/SPOE:-Stream-Processing-Offloading-Engine

Hi. The "https://github.com/criteo/haproxy-spoe-go; is archived since Nov 7, 2023 and there is a fork from that repo https://github.com/go-spop/spoe Can we add this info to the wiki page? There is also a rust implementation https://github.com/vkill/haproxy-spoa-example which could be added.

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. On 2024-03-18 (Mo.) 12:19, William Lallemand wrote: On Sun, Mar 17, 2024 at 07:53:17PM +0100, Aleksandar Lazic wrote: Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix this? Regards Alex On 2024-03-13 (Mi.) 00:11, Aleksandar Lazic wrote: Hi. I try to run dataplane as "random" user inside h

Re: About the SPOE

Hi. On 2024-03-15 (Fr.) 15:09, Christopher Faulet wrote: Hi all, It was evoked on the ML by Willy and mentioned in few issues on GH. It is now official. The SPOE was marked as deprecated for the 3.0. It is not a pleasant announce because it is always an admission of failure to remove a

Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. I try to run dataplane as "random" user inside haproxy.cfg. That's the debug output of the start of the container. Even as I have set the --log-level=trace to the dataplane can't I see any reason why the api kills the process. ``` # Debug output with dataplane api

Re: http/3 flow control equivalent

Hi. On 2024-02-22 (Do.) 02:47, Miles Hampson wrote: Hi, I have noticed that transferring large files with http/2 to a backend server through HAProxy 2.9 (and earlier) over a network link with a bit of latency can be extremely slow unless the HTTP/2 Flow Control window size is increased quite

Re: Haproxy accross LDAPS

s, Willy ---- *De :* Aleksandar Lazic *Envoyé :* jeudi 15 février 2024 15:20 *À :* TINK-LONG-KI Willy *Cc :* haproxy@formilux.org *Objet :* Re: Haproxy accross LDAPS Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to configure

Re: Haproxy accross LDAPS

Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to configure a backend on a HAPROXY (release 2.4.25) with LDAPS in order to authenticate user by the LDAPS. Any chance to use the latest 2.8 or 2.9? Below informations about my configuration : -Port use

Re: unsubscribe

Hi. Here can you find the right way to Unsubscribe from the list https://www.haproxy.org/#tact Regards Alex On 2024-02-12 (Mo.) 23:02, Nicolas Grilly wrote: *Nicolas Grilly* Managing Partner +33 6 03 00 25 34 Recrutez plus rapidement avec VocationCity.com

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Tristan. On 2023-11-20 (Mo.) 15:14, Tristan wrote: Hi Aleksandar, On 20 Nov 2023, at 17:18, Aleksandar Lazic wrote: at configuration Change the reload leaves the old processes alive until "hard-stop-after" value and after that is the connection terminated which does not

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Willy. On 2023-11-18 (Sa.) 15:40, Willy Tarreau wrote: Hi, HAProxy 2.9-dev10 was released on 2023/11/18. It added 154 new commits after version 2.9-dev9. Wow what a release :-) [snipp] BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() BUG/MEDIUM: mux-h1: fail

Re: Understanding haproxy's regex

Hi Christoph. On 2023-11-17 (Fr.) 10:26, Christoph Kukulies wrote: I have the following line in my config: backend website     http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ /opencms/\2     server www.mydomain.org 127.0.0.1:8080 Actually I'm used

Re: AW: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP

suggestions how to solve the issue? Best regards, Sören Hellwig Regards Alex -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Mittwoch, 1. November 2023 15:36 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy

Re: AW: [EXT] Re: Question about syslog forwarding with HAProxy with keeping the client IP

[FCGI] fcgi-app [SPOE] spoe [TRACE] trace Best regards, Sören Hellwig -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Montag, 30. Oktober 2023 17:58 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: Question about syslog forwarding with HAProxy with keepin

Re: Question about syslog forwarding with HAProxy with keeping the client IP

Hi, On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote: Hello Support-Team, we are using the HAProxy as load balancer for our Graylog servers. Which version of HAProxy? haproxy -vv The TCP based protocols works fine, but we have some trouble with the syslog forwarding. Our configuration

Re: How to limit client body/upload size?

Hi. On 2023-10-17 (Di.) 16:46, Gilles Van Vlasselaer wrote: Hi, we are currently migrating servers and decided to drop NGINX in favour of HAProxy, however we had issues in the past where people would bomb us with massive file uploads on some services. Is there an equivalent like nginx's

[PATCH] DOC: internal: filters: fix reference to entities.pdf

Hi. Here the patch to fix the filter.txt file. Regards AlexFrom 68bb30b6ad1b0ca5348a95219b09964aafe9ba36 Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Sun, 22 Oct 2023 18:36:54 +0200 Subject: [PATCH] DOC: internal: filters: fix reference to entities.pdf In doc/internals/api

Re: Missing doc entities in doc/internals

Hi Willy. On 2023-10-20 (Fr.) 23:21, Willy Tarreau wrote: Hi Alex, On Fri, Oct 20, 2023 at 11:11:59PM +0200, Aleksandar Lazic wrote: I can't find any doc about entities in the current git alex@alex-tuxedoinfinitybooks1517gen7 on 20/10/2023 at 23:06:19 /datadisk/git-repos/haproxy $ find

Missing doc entities in doc/internals

Hi. As I go thru the filter.txt now is this statement written. https://github.com/haproxy/haproxy/blob/master/doc/internals/api/filters.txt#L50C15-L50C23 ``` First of all, to fully understand how filters work and how to create one, it is best to know, at least from a distance, what is a proxy

Re: Some filter discussion for the future

Hi. FYI: I have created a repo for the rs filter https://github.com/git001/hap-rs-filter feel free to participate/contribute :-) Regards Alex On 2023-10-19 (Do.) 22:53, Aleksandar Lazic wrote: Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow

Re: Some filter discussion for the future

Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow-up to the tangent we went on in the announce thread. Thanks :-) As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options.

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 20:12, Lukas Tribus wrote: On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. Actually haproxy 1.8 supports H2 (without implementing HTX), as per the documentation and announcements

Re: CVE-2023-44487 and haproxy-1.8

.com blog quite accurate why 1.8 is not affected with that CVE. Ryan Regards Alex On Mon, Oct 16, 2023 at 12:41 PM Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > Does 1.8 support http/2? No. > On Mon,

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. On Mon, Oct 16, 2023, 18:58 Ryan O'Hara > wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid

Re: CVE-2023-44487 and haproxy-1.8

Hi Ryan. On 2023-10-16 (Mo.) 17:49, Ryan O'Hara wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced,

Some filter discussion for the future

Hi. As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. As far as I know have we this filters. Available filters : [SPOE] spoe [CACHE] cache [FCGI] fcgi-app [COMP] compression [TRACE] trace There is also the

Re: HA Proxy

Hi Mohammed. Yes HAProxy supports all of the requested capacity and features from below. For a nice example what HAProxy is able to handle can you read this Blog post. https://www.haproxy.com/blog/haproxy-forwards-over-2-million-http-requests-per-second-on-a-single-aws-arm-instance The very

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi. On 2023-10-10 (Di.) 09:08, Willy Tarreau wrote: Hi Tristan, On Sun, Oct 08, 2023 at 12:15:00PM +, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: [...] Maybe this will then bring up SPOE to a level where the body of a request can be

Re: [ANNOUNCE] haproxy-2.9-dev7

On 2023-10-08 (So.) 14:15, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: […] Maybe this will then bring up SPOE to a level where the body of a request can be scanned and bring it to a full WAF level or as WASM filter. Any thoughts on the

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 14:45, Willy Tarreau wrote: Hi Alex, On Sat, Oct 07, 2023 at 01:51:43PM +0200, Aleksandar Lazic wrote: Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6. This version fixes a number of issues in previous development releases and prepares the work for subsequent patch series: [snip] -

Re: Patch sample_conv_json_query in sample.c to return array values

Dear Jens. Please can you create a patch as mentioned in https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING as suggested in https://github.com/haproxy/haproxy/issues/2281#issuecomment-1721014384 Regards Alex On 2023-09-15 (Fr.) 14:57, Jens Popp wrote: Hi, currently the method

Re: HAProxy and musl (was: Re: HAproxy Error)

Hi. Resuscitate this old thread with a musl lib update. https://musl.libc.org/releases.html ``` musl-1.2.4.tar.gz (sig) - May 1, 2023 This release adds TCP fallback to the DNS stub resolver, fixing the longstanding inability to query large DNS records and incompatibility with recursive

Re: HaProxy does not updating DNS cache

Hi. On 2023-09-13 (Mi.) 14:39, Henning Svane wrote: Hi I have tried using a DNS with a TTL of 600 sec. and the DNS changes once in a while, but every time I have to restart Haproxy to get the updated DNS to work. Even if I wait for hours. I can see with nslookup that the server can see

Re: how to upgrade haproxy

=8492a4f37208a6099629101466fec3378a28e73c;hb=HEAD Regards Alex On Thu, 24 Aug 2023 at 4:00 PM, Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: > Hi, > > On Thu, Aug 24, 2023 at 03:23:59PM +053

Re: [ANNOUNCE] haproxy-2.9-dev4

Hi. On 2023-08-25 (Fr.) 19:35, Willy Tarreau wrote: Hi, HAProxy 2.9-dev4 was released on 2023/08/25. It added 59 new commits after version 2.9-dev3. Some interesting new stuff continues to arrive in this version: [snipp] - reverse HTTP: see below for a complete description. I hope it

Please what is 'new protocol named "reverse_connect"' for?

Hi. I just seen some commits about protocol for active reverse connect and ask me, what's the main use case for that protocol could be? As far as I have seen is it for now for H2 Settings but I'm not sure if I understood the commits right. Regards Alex

Re: how to upgrade haproxy

Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: Hi, On Thu, Aug 24, 2023 at 03:23:59PM +0530, Atharva Shripad Dudwadkar wrote: Hi haproxy Team, Can you please help me with the upgrading process regarding haproxy from 2.0.7 to 2.5. in RHEL. Could you please share

Re: WebTransport support/roadmap

Hi. On 2023-08-17 (Do.) 10:14, Artur wrote: Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 Thank you. I have added a simple picture based on your E-Mails, hope I have understood your request properly. Regards Alex

Re: WebTransport support/roadmap

Hi. On 2023-08-16 (Mi.) 17:29, Artur wrote: Hello ! I wonder if there is a roadmap to support WebTransport protocol in haproxy. There are some explanations/references (if needed) from socket.io dev team that started to support it : https://socket.io/get-started/webtransport Looks like

Re: Problems using custom error files with HTTP/2

ddressed by having a setting for each side (front vs back). ``` That the doc link to the alpn keyword. http://docs.haproxy.org/2.8/configuration.html#5.1-alpn Thanks, Nick Regards Alex On 17/04/2023 15:09, Aleksandar Lazic wrote: On 17.04.23 15:08, Willy Tarreau wrote: On Mon, Apr 17, 2

libcrypt may be removed completely in future Glibc releases

Hi. I have seen this lines in the current glibc release notes https://sourceware.org/glibc/wiki/Release/2.38 ``` 2.1. Building libcrypt is disabled by default If you still need Glibc libcrypt, pass --enable-crypt to the configure script. Note that libcrypt may be removed completely in

Re: QUIC with a fcgi backend

Yaacov. On 2023-07-24 (Mo.) 15:08, Christopher Faulet wrote: Le 7/24/23 à 12:24, Yaacov Akiba Slama a écrit : Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to

Re: QUIC with a fcgi backend

Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in the logs. The problem occurs with both haproxy

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

[1] https://github.com/aws/s2n-quic [2] https://github.com/aws/s2n-quic/pull/1840 [3] https://github.com/aws/aws-lc-rs [4] https://github.com/aws/aws-lc/issues/804 Thanks, Andrew ---- *From:* Aleksandar Lazic *Sent:* Wednesday, Jul

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

Hi Andrew. On 2023-07-12 (Mi.) 02:26, Hopkins, Andrew wrote: Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) project [1]. Our goal is to improve the cryptography we use internally at AWS and help our customers externally. In the spirit of helping people use good crypto we know

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi. Just a addendum below to my last mail. On 2023-07-07 (Fr.) 00:33, Aleksandar Lazic wrote: Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found a clever and absolutely ugly way to abuse OpenSSL callbacks to intercept and inject data from/to

Re: [PATCH 1/1] MEDIUM: ssl: new sample fetch method to get curve name

Hi. On 2023-06-20 (Di.) 18:50, Mariam John wrote: Adds a new sample fetch method to get the curve name used in the key agreement to enable better observability. In OpenSSLv3, the function `SSL_get_negotiated_group` returns the NID of the curve and from the NID, we get the curve name by passing

Re: OCSP renewal with 2.8

Hi. On 2023-06-02 (Fr.) 22:42, Lukas Tribus wrote: On Fri, 2 Jun 2023 at 21:55, Willy Tarreau wrote: Initially during the design phase we thought about having 3 states: "off", "on", "auto", with the last one only enabling updates for certs that already had a .ocsp file. But along discussions

@Wolfssl: any plans to add "ECH (Encrypted client hello) support" and question about Roadmap

Hi, As we have now a shiny new LTS let's take a look into the future :-) As the Wolfssl looks like a good future alternative for OpenSSL is there any plan to add ECH (Encrypted client hello) ( https://github.com/haproxy/haproxy/issues/1924 ) into Wolfssl? Is there any Idea which feature is

Re: Followup on openssl 3.0 note seen in another thread

Hi Shawn. On 2023-05-28 (So.) 05:30, Shawn Heisey wrote: On 5/27/23 18:03, Shawn Heisey wrote: On 5/27/23 14:56, Shawn Heisey wrote: Yup.  It was using keepalive.  I turned keepalive off and repeated the tests. I did the tests again with 200 threads.  The system running the tests has 12

Re: unsubscribe

Hi. On 14.05.23 22:07, Roman Gelfand wrote: Here is the unsubscribe address. https://www.haproxy.org/#tact Regards Alex

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

 side=FE|BE     mux=PASS     flags=NO_UPG Available services : prometheus-exporter Available filters :         [SPOE] spoe         [CACHE] cache         [FCGI] fcgi-app         [COMP] compression         [TRACE] trace Hope that helps Regards Alex On Thu, May 11, 2023 at 11:21 PM Aleksand

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

Dear Nathan. On 11.05.23 23:59, Nathan Rixham wrote: Hi All, I've run into an issue I can't figure out, essentially need to use url32+src in stick tables, but where src is the x-forwarded-for address rather than the connecting source - any advice would be appreciated. As this is a quite

Re: Drain L4 host that fronts a L7 cluster

Isn't is a similar request to https://github.com/haproxy/haproxy/issues/969 as I mentioned in the issue https://github.com/haproxy/haproxy/issues/2149 On 06.05.23 01:18, Abhijeet Rastogi wrote: Thanks for the response Tristan. For the future reader of this thread, a feature request was

Any Roadmap for "Server weight modulation based on smoothed average measurement" ( https://github.com/haproxy/haproxy/issues/1977 )

Hi. Is there any Plan when the work on this part will start or will be this a smooth forward :-) Regards Alex

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 28.04.23 11:14, Aleksandar Lazic wrote: Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: [snipp] So from what I'm reading above, the regtest is fake and doesn't test the presence of digits in the returned value. Could you please correct it so that it properly verifies

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: Hi Alex, On Fri, Apr 28, 2023 at 10:59:46AM +0200, Aleksandar Lazic wrote: Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200, Aleksandar Lazic wrote: Ping? thanks for the ping, I missed it a few times when being busy with some painful bugs in the past

Re: Reproducible ERR_QUIC_PROTOCOL_ERROR with all QUIC-enabled versions (2.6 to latest 2.8-dev)

Hi Bob. On 18.04.23 17:07, Zakharychev, Bob wrote: While experimenting with enabling QUIC in HAProxy sitting in front of our closed-source application I stumbled upon a reproducible QUIC protocol failure/malfunction while accessing specific CSS resource, which is served via internal

Re: Puzzlement : empty field vs. ,field() -m

Hi. On 18.04.23 00:55, Jim Freeman wrote: In splitting out fields from req.cook, populated fields work well, but detecting an unset field has me befuddled: acl COOK_META_MISSING req.cook(cook2hdr),field(3,\#) ! -m found -m str '' does not detect that a cookie/field is empty ? Running the

Re: Problems using custom error files with HTTP/2

On 17.04.23 15:08, Willy Tarreau wrote: On Mon, Apr 17, 2023 at 03:04:05PM +0200, Lukas Tribus wrote: On Sat, 15 Apr 2023 at 23:08, Willy Tarreau wrote: On Sat, Apr 15, 2023 at 10:59:42PM +0200, Willy Tarreau wrote: Hi Nick, On Sat, Apr 15, 2023 at 09:44:32PM +0100, Nick Wood wrote:

Re: Opinions desired on HTTP/2 config simplification

Hi. On 15.04.23 11:32, Willy Tarreau wrote: Hi everyone, I was discussing with Tristan a few hours ago about the widespread deployment of H2 and H3, with Cloudflare showing that H1 only accounts for less than 7% of their traffic and H3 getting close to 30% [1], and the fact that on the

Re: Problems using custom error files with HTTP/2

Hi Nic, On 15.04.23 19:35, Nick Wood wrote: Hello all, I have recently enabled HTTP/2 on our HAProxy server by adding the following to the bind line: alpn h2,http/1.1 Everything appears to be working fine, apart from our custom error pages. Rather than serving the custom page as

Re: Interest in HA Proxy from Sonicwall

Hi Kenny. On 05.04.23 20:04, Kenny Lederman wrote: Hi team, Do you have an account rep assigned to Sonicwall that could help me with getting a POC set up? This is the Open Source Mailing list, if you want to get in touch with the Company behind HAProxy please use this.

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Ping? On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the reque

Re: RFQ HAPROXY SERVER for CTBC Bank

HI. On 29.03.23 05:02, Procurement - TTSolution wrote: Hi Sir/Madam, Please help to provide quotation below for: 1. *HAPROXY SERVER – QTY: 1* As willy already written is this list mainly for the OpenSource HAProxy. You can get in touch for the Enterprise Version on this page.

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

Hi Dinko. On 19.03.23 19:54, Dinko Korunic wrote: Dear community, As previously requested, we have also started building HAProxy CE  for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) built on top of Debian 11 Bullseye and Ubuntu 22.04 Jammy Jellyfish base

Re: HAProxy CE Docker Alpine image with QUIC

Hi Dinko. On 17.03.23 20:59, Dinko Korunic wrote: Dear community, Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as Docker Alpine 3.17 images. That's great news :-). What should keep in mind is that

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi. Any chance to add this Patch? Regards Alex On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better"

Re: proxy

Hi Adam. On 12.01.23 01:30, Adam wrote: Dear Friend I have a service to broadcast channels and movies over the Internet by panel iptv And I have servers that I want to hide the real IP of in order to protect them from attacks It is on the other hand a complaint of abuse How do you help me

Re: [ANNOUNCE] haproxy-2.8-dev1

Hi Willy. On 07.01.23 19:49, Willy Tarreau wrote: Hi Alex, On Sat, Jan 07, 2023 at 06:31:40PM +0100, Aleksandar Lazic wrote: On 07.01.23 10:38, Willy Tarreau wrote: Hi, HAProxy 2.8-dev1 was released on 2023/01/07. It added 206 new commits after version 2.8-dev0. [snipp] Any chance

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the request be send, here the beginning of the patches. In

Re: [ANNOUNCE] haproxy-2.8-dev1

On 07.01.23 10:38, Willy Tarreau wrote: Hi, HAProxy 2.8-dev1 was released on 2023/01/07. It added 206 new commits after version 2.8-dev0. [snipp] Any chance to add this patch to 1.8? [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi, Any feedback to that patch? On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the request be send, here the

[PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

e rtt from the backend, Imho. Does anybody know how I can "delay/sleep/wait" for the server answer to get some rtt which are not 0 as the rtt is 0. Regards AlexFrom 7610bb7234bd324e06e56732a67bf8a0e65d7dbc Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Fri, 9 Dec 2022 13:05:52 +0100 Su

Re: Haproxy send-proxy probes error

Hi. There is already a bug entry in apache bz from 2019 about that message. https://bz.apache.org/bugzilla/show_bug.cgi?id=63893 Regards Alex 23.11.2022 21:36:26 Marcello Lorenzi : > Hi All, > we use haproxy 2.2.17-dd94a25 in our development environment and we configure > a backend with

Re: Rate Limit a specific HTML request

nfig. Is this what you would like to do? I'm not sure if this is possible with HAProxy. Regards Alex Norman Branitsky Senior Cloud Architect P: 416-916-1752 -----Original Message- From: Aleksandar Lazic Sent: Tuesday, November 22, 2022 4:27 PM To: Branitsky, Norman Cc: HAProxy Subject

Re: Rate Limit a specific HTML request

Hi. On 22.11.22 21:57, Branitsky, Norman wrote: I have the following "generic" rate limit defined - 150 requests in 10s from the same IP address: stick-table  type ip size 100k expire 30s store http_req_rate(10s) http-request track-sc0 src unless { src -f

Re: How to return 429 Status Code instead of 503

hi. but there is a 429 error code in the source. https://git.haproxy.org/?p=haproxy.git=search=HEAD=grep=HTTP_ERR_429 As you don't written which version you use, maybe you can use the latest 2.6 version and give the error code 429 a chance :-) regards alex 17.11.2022 16:29:02 Chilaka

Re: HAPROXYU (apps) -

Dear Carolina. Please get in touch with the HAProxy Company for a offer. https://www.haproxy.com/contact-us/ This Mailing list is for the OpenSource HAProxy. Regards Alex On 07.11.22 13:06, Coco, Carolina wrote: Hi team, Could you please send us an offer for the marked in yellow?, its for

Re: dsr and haproxy

Hi. On 04.11.22 12:24, Szabo, Istvan (Agoda) wrote: Hi, Is there anybody successfully configured haproxy and dsr? Well maybe this Blog Post is a good start point. https://www.haproxy.com/blog/layer-4-load-balancing-direct-server-return-mode/ Regards Alex Istvan Szabo Senior

Re: Two frontends with the same IP and Port

Hi Roberto. On 25.10.22 17:01, Roberto Carna wrote: Sorry, I want two different backends with same IP/port and different SSL options as follow, and the same SSL wildcard certificate: # Frontend 1 with certain SSL options frontend Web1 bind 10.10.1.1:443 ssl crt /root/ssl/ no-sslv3 no-tlsv10

Re: I can't disable TLS v1.1 from Internet

Hi Roberto. On 24.10.22 03:21, Roberto Carna wrote: Dear, I have this scenario: Internet --> HAproxy Frontend --> HAproxy Backend --> Web servers HAproxy version 1.5.8 in frontend (disabling protocols in the backend section connected to HAProxy backend): server HA-Backend 172.20.20.1:443 ssl

Re: HA Proxy License

Hi John. I suggest to get in touch whith HAProxy company via this form. https://www.haproxy.com/contact-us/ best regards alex 07.10.2022 17:55:42 John Bowling (CE CEN) : > Hello, > > What are the costs for the license or is there a subscription for license? > > *John L. Bowling (JB)* > >

Re: http-response option in frontend section or backend section?

Hi. On 03.10.22 16:29, Roberto Carna wrote: Dear, I have a HAProxy with several web applications but I have to solve the cookie without a secure flag problem in just one web application. Do I have to define the "http-response replace header" option in the frontend section or in the backend

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

Hi William. On 14.09.22 18:50, William Lallemand wrote: Hello List, We've just finished the portage of HAProxy for the next libreSSL version which implements the quicTLS API. Wow great news. For those interested this is how you are supposed to compile everything: The libreSSL library:

Re: Defining two FTP connections pointing to the same server

Hi. On 18.08.22 20:40, Roberto Carna wrote: Dear all, I have to change my haproxy.cfg file in order to enable two FTP connections to the same server, with these requirements: FTP server IP: 10.10.1.10 1st FTP service: FTP Control: port 21 FTP Data: port 11000 to 11010 2nd FTP service: FTP

Re: 3rd party modules support

Hi. On 17.08.22 16:54, Pavel Krestovozdvizhenskiy wrote: Does HAProxy support of 3rd party modules? Not LUA scripts but compiled modules. Something like modules in nginx. I've read the documentation and did not found clear answer. Not as far as i know, a more detailed answer can be found

Re: Sending CORS headers with HAProxy-generated error responses

this for the other required CORS headers I haven't tried this, but does it some like it will accomplish what I described in my original post? I would say give it a try and see if works. Regards Alex -Original Message- From: Aleksandar Lazic Sent: Friday, August 12, 2022 6:45 AM To: Eric Joh

Re: Sending CORS headers with HAProxy-generated error responses

Hi Eric. On 11.08.22 21:59, Eric Johanson wrote: When HAProxy generates an HTTP 500 error (say because our servers are down), then HAProxy does not send any CORS information. Because of this, the HTTP 500 responses do not arrive at our web application because they are blocked by the browser.

  1   2   3   4   5   6   7   8   9   10   >