RE: Matching URLs at layer 7

2010-04-28 Thread Andrew Commons
xperimenting and I hope I don't lock myself out ;-) Cheers Andrew -Original Message- From: myse...@gmail.com [mailto:myse...@gmail.com] On Behalf Of Benedikt Fraunhofer Sent: Wednesday, 28 April 2010 7:42 PM To: Andrew Commons Cc: haproxy@formilux.org Subject: Re: Matching URLs at

RE: Matching URLs at layer 7

2010-04-28 Thread Andrew Commons
s then let's find out what these are! Cheers Andrew -Original Message- From: myse...@gmail.com [mailto:myse...@gmail.com] On Behalf Of Benedikt Fraunhofer Sent: Wednesday, 28 April 2010 6:23 PM To: Andrew Commons Cc: haproxy@formilux.org Subject: Re: Matching URLs at layer 7 Hi

RE: Matching URLs at layer 7

2010-04-28 Thread Andrew Commons
on 7 about ACL usage. -Original Message- From: Andrew Commons [mailto:andrew.comm...@bigpond.com] Sent: Wednesday, 28 April 2010 4:06 PM To: 'haproxy@formilux.org' Subject: Matching URLs at layer 7 I'm confused over the behaviour of the url criteria in layer 7 acls.

Matching URLs at layer 7

2010-04-27 Thread Andrew Commons
I'm confused over the behaviour of the url criteria in layer 7 acls. If I have a definition of the form: acl xxx_host hdr(Host) -i xxx.example.com then something like this works fine: use_backend xxx if xxx_host If I try something like this: acl xxx_u

RE: mod_security and/or fail2ban

2010-03-16 Thread Andrew Commons
I would also be very interested in the learned opinions of the other readers of this list on this topic. When I first considered this in the HAProxy context a few weeks ago I figured that implementing this functionality in HAProxy or putting it in-line with HAProxy on the same server would be a bo

RE: Question on URL based load balancing

2010-03-08 Thread Andrew Commons
I would reinforce the point Willy is making regarding syntax. URLs contain characters that are part of the regex metacharacter set. It is very easy to overlook this and resulting expressions will work...most of the time. I think an example can be found in the documentation. There is a section cont

RE: option httpchk version 'trick'

2010-02-27 Thread Andrew Commons
ssage- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Saturday, 27 February 2010 8:39 PM To: Andrew Commons Cc: haproxy@formilux.org Subject: Re: option httpchk version 'trick' Hi Andrew, On Sat, Feb 27, 2010 at 07:59:27PM +1030, Andrew Commons wrote: > Hi Willy, > > Than

RE: option httpchk version 'trick'

2010-02-27 Thread Andrew Commons
management. -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Saturday, 27 February 2010 6:56 PM To: Andrew Commons Cc: haproxy@formilux.org Subject: Re: option httpchk version 'trick' Hi Andrew, On Sat, Feb 27, 2010 at 03:15:25PM +1030, Andrew Commons wrote

option httpchk version 'trick'

2010-02-26 Thread Andrew Commons
Hi all, The ability to extend the option httpchk argument string to dummy up a Host header is described as a 'trick' in the configuration documentation. I have found that the 'trick' can be extended to add User-Agent (HAProxy) and Accept (*/*) headers to keep ModSecurity quiet when checking an Ap