Re: stick-table replication not working anymore after Version-Upgrade

Am Mi., 1. März 2023 um 11:49 Uhr schrieb Aurelien DARRAGON < adarra...@haproxy.com>: > > In the HAProxy configuration i'm using the FQDN name, and it seems > > HAProxy is just using the short hostname. > This seems to be true indeed, "localpeer" default value is retrieved > thanks to

Re: stick-table replication not working anymore after Version-Upgrade

Am Mi., 1. März 2023 um 10:49 Uhr schrieb Lukas Tribus : > On Wed, 1 Mar 2023 at 10:09, bjun...@gmail.com wrote: > > > > Hi, > > > > i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS: > Ubuntu 22.04). Now the stick-table synchronization between

stick-table replication not working anymore after Version-Upgrade

Hi, i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS: Ubuntu 22.04). Now the stick-table synchronization between peers isn't working anymore. The peers listener is completely not existing (lsof output). HAProxy config: peers LB peer s017.domain.local 192.168.120.207:1234

Re: [ANNOUNCE] HTX vulnerability from 2.0 to 2.5-dev

Hi, is HAProxy 2.0.x with "no option http-use-htx" also affected by this vulnerability? Best regards / Mit freundlichen Grüßen Bjoern Am Di., 7. Sept. 2021 um 17:30 Uhr schrieb Willy Tarreau : > Hi everyone, > > Right after the previous announce of HTTP/2 vulnerabilities, a group > of security

Re: No access to git.haproxy.org from Travis CI

Am Sa., 13. Juni 2020 um 22:15 Uhr schrieb Willy Tarreau : > Hi William, > > On Sat, Jun 13, 2020 at 03:13:06PM +0200, William Dauchy wrote: > > Hi, > > > > On Thu, Jun 11, 2020 at 1:10 PM Willy Tarreau wrote: > > > Sure but what I wanted to say was that travis seems to be the only > > > point

Re: Storing src + backend or frontend name in stick-table

Hi Christian, i'm using the following (i don't know if you're asking for HTTP mode) when i need to track multiple sample fetches: frontend http http-request set-header X-Concat %[req.fhdr(User-Agent)]_%[src] http-request track-sc0 req.fhdr(X-Concat) Best regards / Mit freundlichen Grüßen

Re: Dynamic SSL certificate loading with haproxy-2.2-dev

Am Mittwoch, 17. Juni 2020 schrieb William Lallemand : > Hello, > > On Wed, Jun 17, 2020 at 03:28:19PM +0300, tbn wrote: > > Hello list, > > > >I saw William Lallemand's announcement regarding the possibility of > > loading dynamic ssl certificates right here > >

Re: Ubuntu 20.04 + TLSv1

Am Fr., 12. Juni 2020 um 16:02 Uhr schrieb Jerome Magnin : > On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote: > > Hi, > > > > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. > > > > I'm trying to get TLSv1 working (we need this for s

Re: Ubuntu 20.04 + TLSv1

Am Fr., 12. Juni 2020 um 15:38 Uhr schrieb bjun...@gmail.com < bjun...@gmail.com>: > Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus : > >> Hello Bjoern, >> >> >> On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com >> wrote: >> > &g

Re: Ubuntu 20.04 + TLSv1

Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus : > Hello Bjoern, > > > On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com wrote: > > > > Hi, > > > > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. > > > > I'm trying to get TLSv1 work

Ubuntu 20.04 + TLSv1

Hi, currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. I'm trying to get TLSv1 working (we need this for some legacy clients), so far without success. I've read different things, on the one hand Ubuntu has removed TLSv1/TLSv1.1 support completely, otherwise that it can be enabled:

Re: No access to git.haproxy.org from Travis CI

Am Do., 11. Juni 2020 um 15:00 Uhr schrieb Willy Tarreau : > By the way if that helps I've re-added the records for > {git,www}.haproxy.org. It will take one hour or so to propagate, but > you'll be able to see if using IPv6 causes the same issue or not. I'd > guess it would work better

Re: No access to git.haproxy.org from Travis CI

/ Mit freundlichen Grüßen Bjoern Am Do., 11. Juni 2020 um 13:17 Uhr schrieb Willy Tarreau : > On Thu, Jun 11, 2020 at 01:09:37PM +0200, bjun...@gmail.com wrote: > > Hello Willy, > > > > just for clarity, it's not only port 80. I've looked at it, it's > > definitely some

Re: No access to git.haproxy.org from Travis CI

Hello Willy, just for clarity, it's not only port 80. I've looked at it, it's definitely some issue/blocking within the travis infrastructure, routing from GCE Cloud (us-east1) is fine. Best regards / Mit freundlichen Grüßen Bjoern Am Do., 11. Juni 2020 um 12:23 Uhr schrieb Willy Tarreau : >

No access to git.haproxy.org from Travis CI

Hello Willy, i have a Travis CI job that is pulling/cloning a repo from git.haproxy.org, but unfortunately this isn't working anymore (i believe since May, 12). Output Travis CI job: $ ping -c 4 git.haproxy.org PING ipv4.haproxy.org (51.15.8.218) 56(84) bytes of data. --- ipv4.haproxy.org ping

Re: Redirect and rewrite part of query string (using map files)

Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic : > Hi Bjoern. > > On 18.01.20 14:02, bjun...@gmail.com wrote: > >> Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic > <mailto:al-hapr...@none.at>>: >> >> Hi. >> >> On 18.01

Redirect and rewrite part of query string (using map files)

Hi, i want to redirect the following (the value of the code param should be rewritten): abc.de/?v=1=1530=3-> abc.de/?v=1=6780=3 abc.it/?v=2=2400=2 -> abc.it/?v=2=7150=2 abc.fr .. abc.se .. . . When i don't use maps, i can accomplish the task with the following lines (but this needs

Re: [PATCH] MINOR: sample: add ssl_sni_check converter

Am Fr., 17. Mai 2019 um 21:15 Uhr schrieb Tim Düsterhus : > > Willy, > > Am 23.12.18 um 21:20 schrieb Moemen MHEDHBI: > > Hi, > > > > The attached patch adds the ssl_sni_check converter which returns true > > if the sample input string matches a loaded certificate's CN/SAN. > > > > This can be

Re: [PATCH] MEDIUM: lua: Add stick table support for Lua

Am Sa., 29. Sep. 2018 um 20:18 Uhr schrieb Willy Tarreau : > > Hi Adis, > > On Thu, Sep 27, 2018 at 05:32:22PM +0200, Adis Nezirovic wrote: > > On Thu, Sep 27, 2018 at 04:52:29PM +0200, Thierry Fournier wrote: > > > I Adis, > > > > > > Sorry for the delay, I processed a quick review, and all seems

http-request set-src without PROXY protocol

Hi, i'm currently experimenting with "http-request set-src". When i use it in a backend with PROXY Protocol configured, it's working and the IP is written in the PROXY protocol header. But what does "set-src" do if no PROXY Procotol is used/can be used? Is the "http-request set-src" feature

Re: Possibility to modify PROXY protocol header

2018-07-31 17:56 GMT+02:00 James Brown : > I think if you use the `http-request set-src` directive it'll populate the > PROXY headers in addition to the internal logging > > On Fri, Jul 27, 2018 at 7:05 AM bjun...@gmail.com wrote: >> >> Hi, >> >> is there an

Possibility to modify PROXY protocol header

Hi, is there any possibilty to modify the client ip in the PROXY Protocol header before it is send to a backend server? My use case is a local integration/functional testing suite (multiple local docker containers for testing the whole stack - haproxy, cache layer, webserver, etc.). I would

1.7.8 upgrade question

Hi, we want to roll-out 1.7.8 in production (upgrading from 1.6.8). While preparing the update (reading changelog/mailinglist/git log, searching for known issues etc.), i stumbled upon this: https://www.mail-archive.com/haproxy@formilux.org/msg26282.html I don't know if i'm interpreting

Re: Lua + shared memory segment

2017-08-01 10:47 GMT+02:00 Thierry Fournier <thierry.fourn...@arpalert.org>: > >> On 31 Jul 2017, at 22:41, bjun...@gmail.com wrote: >> >> Hi, >> >> i'm experimenting with some Lua code in HAProxy where i need a simple >> key/value store (not persist

Lua + shared memory segment

Hi, i'm experimenting with some Lua code in HAProxy where i need a simple key/value store (not persistent). I want to avoid Redis or other external dependency. Is there some sort of shared memory segment in HAProxy Lua integration that can be used? (or is it possible to access HAProxy

Lua core.(m)sleep + http-response

Hi, i've an issue that was already posted some time ago (i'm using HAProxy 1.7.8): https://discourse.haproxy.org/t/core-msleep-not-working-in- http-resp-http-response It seems that sleep is completely ignored, but the connection hangs as long as the value in "timeout connect".

Re: tcp-response content tarpit if hdr(X-Tarpit-This)

2017-07-29 16:57 GMT+02:00 Charlie Elgholm : > Ok, but anyhow, this actually means that I can use http-response to do > something on the response. That's good. I'll play with it for a while on my > dev-server. Nice! > > Version can be upgraded, of course, if I can just

Re: Rate limiting w/o 429s

Am Freitag, 5. August 2016 schrieb CJ Ess : > So I know I can use Haproxy to send 429s when a given request rate is > exceeded. > > I have a case where the "user" is mostly screen scrapers and click bots, > so if I return a 429 they'll just turn around and re-request until > successful - I can't

Re: POST data logging works without option http-buffer-request

2016-02-10 8:17 GMT+01:00 Willy Tarreau <w...@1wt.eu>: > On Tue, Feb 09, 2016 at 06:10:01PM +0100, bjun...@gmail.com wrote: > > Hi, > > > > i'm currently testing 1.6.3 and request body logging. I'm wondering that > > logging of req body even works without settin

POST data logging works without option http-buffer-request

Hi, i'm currently testing 1.6.3 and request body logging. I'm wondering that logging of req body even works without setting "option http-buffer-request". Also "no option http-buffer-request" seems to have no effect. Is this intended or have i missed something? simplified config: frontend

DRAIN status

Hi, when a healthcheck ("fall 2") on a backend server is failing, the status of the backend is changing to "DRAIN 1/2" (I do not manually set the DRAIN state nor do i have agent-check's) Does that mean that for the period till the next healthcheck, the server is completely removed from load

Re: [SPAM] Re: Architecture guide reworked

2015-12-02 17:31 GMT+01:00 Olivier Doucet : > > > 2015-12-02 17:25 GMT+01:00 Olivier Doucet : > >> >> 2015-12-02 15:44 GMT+01:00 Michel Blanc : >> >>> Very good idea. >>> >>> Do you plan creating a git repo somewhere so people can

Re: Chaining haproxy instances for a migration scenario

2015-09-11 10:55 GMT+02:00 Baptiste : > On Fri, Sep 11, 2015 at 10:41 AM, Tim Verhoeven > wrote: > > Hello everyone, > > > > I'm mostly passive on this list but a happy haproxy user for more then 2 > > years. > > > > Now, we are going to migrate our

Re: tcp-request + gpc ACLs

2015-07-13 18:07 GMT+02:00 bjun...@gmail.com bjun...@gmail.com: Hi, i'm using stick-tables to track requests and block abusers if needed. Abusers should be blocked only for a short period of time and i want a stick-table entry to expire. Therefore, i have to check if the client is already

Re: Problems compiling HAProxy with Lua Support

2015-07-16 21:04 GMT+02:00 Vincent Bernat ber...@luffy.cx: ❦ 13 juillet 2015 19:58 +0200, Vincent Bernat ber...@luffy.cx : I suppose that either -ldl could be added to OPTIONS_LDFLAGS append, like this is done for -lm. Or USE_DL section could be moved towards the end. I think the first

Problems compiling HAProxy with Lua Support

Hi, i'm trying to build HAProxy 1.6 (git HEAD) with Lua (5.3.1) on Ubuntu 14.04. This was my first try: make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=yes LUA_LIB=/opt/lua53/lib/ LUA_INC=/opt/lua53/include/ LDFLAGS=-ldl resulting error: . . . gcc -ldl -o haproxy

tcp-request + gpc ACLs

Hi, i'm using stick-tables to track requests and block abusers if needed. Abusers should be blocked only for a short period of time and i want a stick-table entry to expire. Therefore, i have to check if the client is already marked as an abuser and do not track this client. example config:

Re: [ANNOUNCE] haproxy-1.5.14

Hi, is there any workaround if updating to 1.5.14 isn't possible immediately (for ex. disable http pipelining?) --- Best Regards / Mit freundlichen Grüßen Bjoern

Re: Updating a stick table from the HTTP response

Hi Holger, tcp-response content track- / http-response track- would be a nice feature, don't know if this is on the roadmap. For the moment i can only imagine the following (needs HAProxy 1.6): http-response lua script.lua Within this Lua function, you check the http response code and

Re: Delaying requests with Lua

- --- Bjoern 2015-06-19 19:37 GMT+02:00 PiBa-NL piba.nl@gmail.com: try it with: math.rand(1000) bjun...@gmail.com schreef op 19-6-2015 om 14:15: Hi, i've tried Thierry's example: function delay_request(txn) core.msleep(1000 + txn.f.rand(1000)) end

Delaying requests with Lua

Hi, i want to delay specific requests and i want to have a random delay for every request (for example in a range from 1000ms - 2000ms) As an ugly hack, you can use the following (with a static value): tcp-request inspect-delay 2000ms tcp-request content accept if WAIT_END I think i can

dynamic redirect with regex capture groups

Hi, i would like to redirect the following urls with HAProxy: www.example.at.prod.site.local - m.example.at www.example.de.prod.site.local - m.example.de . . . . apache mod_rewrite-rule: RewriteCond %{HTTP_HOST} ^(www\.)?example\.([a-z]{2,3}).prod\.site\.local$ [NC] RewriteRule ^/(.*)$

Re: Random values with inspect-delay possible ?

2014-09-04 14:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com: Hi, i'm using the following in a backend to rate-limit spider or bad behavior clients: backend be_spider tcp-request inspect-delay 2000ms tcp-request content accept if WAIT_END server node01 192.168.1.10:80

Random values with inspect-delay possible ?

Hi, i'm using the following in a backend to rate-limit spider or bad behavior clients: backend be_spider tcp-request inspect-delay 2000ms tcp-request content accept if WAIT_END server node01 192.168.1.10:80 maxconn {LOWVALUE} If now an abuser/spider/crawler is making many

Re: tracking multiple samples in stick-table

2014-08-25 18:58 GMT+02:00 bjun...@gmail.com bjun...@gmail.com: 2014-08-20 19:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com: 2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com: On 08/18/2014 05:49 PM, Baptiste wrote: On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun

Re: tracking multiple samples in stick-table

2014-09-03 11:36 GMT+02:00 Baptiste bed...@gmail.com: Hi, it's working now with the following workaround (config simplified): frontend http_in_01 bind 0.0.0.0:80 http-request set-header X-Concat %[req.fhdr(User-Agent)]_%[req.fhdr(host)] acl is_found

Re: tracking multiple samples in stick-table

2014-08-20 19:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com: 2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com: On 08/18/2014 05:49 PM, Baptiste wrote: On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com wrote: Hi, i was digging through some old threads: http

Re: tracking multiple samples in stick-table

2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com: On 08/18/2014 05:49 PM, Baptiste wrote: On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com wrote: Hi, i was digging through some old threads: http://t53814.web-haproxy.webtalks.info/help-with-tcp-request-content

Re: tracking multiple samples in stick-table

Thanks Emeric, brilliant idea. I will try this configuration. --- Bjoern 2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com: On 08/18/2014 05:49 PM, Baptiste wrote: On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com wrote: Hi, i was digging through some

tracking multiple samples in stick-table

Hi, i was digging through some old threads: http://t53814.web-haproxy.webtalks.info/help-with-tcp-request-content-track-sc1-t53814.html http://marc.info/?l=haproxym=139458469126719w=2 I have the same requirement and want to track not only on src (source ip), i want to concatenate src +

Re: Problem with external healthchecks and haproxy-ss-20140720

2014-08-07 1:16 GMT+02:00 Cyril Bonté cyril.bo...@free.fr: Hi Bjoern, Le 06/08/2014 22:16, bjun...@gmail.com a écrit : Hi Mark, trying to test this one, but if i use the frontend/backend-syntax (and not the listen-syntax) with external-check command, HAProxy segfaults : # /usr/local

Re: Problem with external healthchecks and haproxy-ss-20140720

2014-08-04 11:44 GMT+02:00 Mark Brooks m...@loadbalancer.org: We have started doing some testing with the external health check functionality but unfortunately we cannot get the real servers to be marked as online when using this feature. This was tested with haproxy-ss-20140720 When using

ACL ordering/processing

Hi folks, I've a question regarding the ordering/processing of ACL’s. Example (HAProxy 1.4.24): frontend http_in . . acl is_example.com hdr_beg(host) -i example.com acl check_id url_reg code=(1001|1002|) acl check_id url_reg code=(3000|4001|)

redirect question

Hi, i'm trying a basic redirect with HAProxy: frontend http acl is_domain hdr_dom(host) -i abc.example.com acl root path_reg ^$|^/$ redirect location http://abc.example.com/?code=1234 code 301 if is_domain root Unfortunately this ends up in a redirect loop. I suspect

git clone hangs

Hi Willy, same problem as mentioned here: http://comments.gmane.org/gmane.comp.web.haproxy/7172 I've tried for three days in a row. P.S.: 1.5-dev22 is not linked on the front page, is this intended ? --- Bjoern

Re: use_backend condition-processing

I'm using 1.4.24. I've tested some cases in the meantime, but these tests don't give a clear answer. Anybody an idea ? 2013/6/26 bjun...@gmail.com bjun...@gmail.com Hi folks, i've a question regarding use_backend and how conditions are processed. My Example: frontend

use_backend condition-processing

Hi folks, i've a question regarding use_backend and how conditions are processed. My Example: frontend http_in_01 bind 1.2.3.4:80 log global option httplog capture request header Host len 32 capture request header User-Agent len 200 reqidel

keepalive + content-switching

Hi folks, we want to use http keep-alive + content-switching with HAProxy. I would like to ask if it's safe to use content-switching with http keep-alive when we use option http-server-close ? We want to use content-switching with standard matching criteria's ( hdr_dom(host), url_reg ).

Re: IPv6 + option forwardfor produces 502

everybody will be aware that the issue is not related to HAProxy cheers On Fri, Sep 28, 2012 at 3:15 PM, bjun...@gmail.com bjun...@gmail.com wrote: Hi, thanks Baptiste, you were right. apache error logs: [Fri Sep 28 14:45:08 2012] [notice] child pid 24745 exit signal