Am Mi., 1. März 2023 um 11:49 Uhr schrieb Aurelien DARRAGON <
adarra...@haproxy.com>:
> > In the HAProxy configuration i'm using the FQDN name, and it seems
> > HAProxy is just using the short hostname.
> This seems to be true indeed, "localpeer" default value is retrieved
> thanks to
Am Mi., 1. März 2023 um 10:49 Uhr schrieb Lukas Tribus :
> On Wed, 1 Mar 2023 at 10:09, bjun...@gmail.com wrote:
> >
> > Hi,
> >
> > i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS:
> Ubuntu 22.04). Now the stick-table synchronization between
Hi,
i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS: Ubuntu
22.04). Now the stick-table synchronization between peers isn't working
anymore.
The peers listener is completely not existing (lsof output).
HAProxy config:
peers LB
peer s017.domain.local 192.168.120.207:1234
Hi,
is HAProxy 2.0.x with "no option http-use-htx" also affected by
this vulnerability?
Best regards / Mit freundlichen Grüßen
Bjoern
Am Di., 7. Sept. 2021 um 17:30 Uhr schrieb Willy Tarreau :
> Hi everyone,
>
> Right after the previous announce of HTTP/2 vulnerabilities, a group
> of security
Am Sa., 13. Juni 2020 um 22:15 Uhr schrieb Willy Tarreau :
> Hi William,
>
> On Sat, Jun 13, 2020 at 03:13:06PM +0200, William Dauchy wrote:
> > Hi,
> >
> > On Thu, Jun 11, 2020 at 1:10 PM Willy Tarreau wrote:
> > > Sure but what I wanted to say was that travis seems to be the only
> > > point
Hi Christian,
i'm using the following (i don't know if you're asking for HTTP mode) when
i need to track multiple sample fetches:
frontend http
http-request set-header X-Concat %[req.fhdr(User-Agent)]_%[src]
http-request track-sc0 req.fhdr(X-Concat)
Best regards / Mit freundlichen Grüßen
Am Mittwoch, 17. Juni 2020 schrieb William Lallemand :
> Hello,
>
> On Wed, Jun 17, 2020 at 03:28:19PM +0300, tbn wrote:
> > Hello list,
> >
> >I saw William Lallemand's announcement regarding the possibility of
> > loading dynamic ssl certificates right here
> >
Am Fr., 12. Juni 2020 um 16:02 Uhr schrieb Jerome Magnin :
> On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote:
> > Hi,
> >
> > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> >
> > I'm trying to get TLSv1 working (we need this for s
Am Fr., 12. Juni 2020 um 15:38 Uhr schrieb bjun...@gmail.com <
bjun...@gmail.com>:
> Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus :
>
>> Hello Bjoern,
>>
>>
>> On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com
>> wrote:
>> >
&g
Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus :
> Hello Bjoern,
>
>
> On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com wrote:
> >
> > Hi,
> >
> > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> >
> > I'm trying to get TLSv1 work
Hi,
currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
I'm trying to get TLSv1 working (we need this for some legacy clients), so
far without success.
I've read different things, on the one hand Ubuntu has removed
TLSv1/TLSv1.1 support completely, otherwise that it can be enabled:
Am Do., 11. Juni 2020 um 15:00 Uhr schrieb Willy Tarreau :
> By the way if that helps I've re-added the records for
> {git,www}.haproxy.org. It will take one hour or so to propagate, but
> you'll be able to see if using IPv6 causes the same issue or not. I'd
> guess it would work better
/ Mit freundlichen Grüßen
Bjoern
Am Do., 11. Juni 2020 um 13:17 Uhr schrieb Willy Tarreau :
> On Thu, Jun 11, 2020 at 01:09:37PM +0200, bjun...@gmail.com wrote:
> > Hello Willy,
> >
> > just for clarity, it's not only port 80. I've looked at it, it's
> > definitely some
Hello Willy,
just for clarity, it's not only port 80. I've looked at it, it's
definitely some issue/blocking within the travis infrastructure, routing
from GCE Cloud (us-east1) is fine.
Best regards / Mit freundlichen Grüßen
Bjoern
Am Do., 11. Juni 2020 um 12:23 Uhr schrieb Willy Tarreau :
>
Hello Willy,
i have a Travis CI job that is pulling/cloning a repo from git.haproxy.org,
but unfortunately this isn't working anymore (i believe since May, 12).
Output Travis CI job:
$ ping -c 4 git.haproxy.org
PING ipv4.haproxy.org (51.15.8.218) 56(84) bytes of data.
--- ipv4.haproxy.org ping
Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic :
> Hi Bjoern.
>
> On 18.01.20 14:02, bjun...@gmail.com wrote:
>
>> Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic > <mailto:al-hapr...@none.at>>:
>>
>> Hi.
>>
>> On 18.01
Hi,
i want to redirect the following (the value of the code param should be
rewritten):
abc.de/?v=1=1530=3-> abc.de/?v=1=6780=3
abc.it/?v=2=2400=2 -> abc.it/?v=2=7150=2
abc.fr ..
abc.se ..
.
.
When i don't use maps, i can accomplish the task with the following lines
(but this needs
Am Fr., 17. Mai 2019 um 21:15 Uhr schrieb Tim Düsterhus :
>
> Willy,
>
> Am 23.12.18 um 21:20 schrieb Moemen MHEDHBI:
> > Hi,
> >
> > The attached patch adds the ssl_sni_check converter which returns true
> > if the sample input string matches a loaded certificate's CN/SAN.
> >
> > This can be
Am Sa., 29. Sep. 2018 um 20:18 Uhr schrieb Willy Tarreau :
>
> Hi Adis,
>
> On Thu, Sep 27, 2018 at 05:32:22PM +0200, Adis Nezirovic wrote:
> > On Thu, Sep 27, 2018 at 04:52:29PM +0200, Thierry Fournier wrote:
> > > I Adis,
> > >
> > > Sorry for the delay, I processed a quick review, and all seems
Hi,
i'm currently experimenting with "http-request set-src". When i use it
in a backend with PROXY Protocol configured, it's working and the IP
is written in the PROXY protocol header.
But what does "set-src" do if no PROXY Procotol is used/can be used?
Is the "http-request set-src" feature
2018-07-31 17:56 GMT+02:00 James Brown :
> I think if you use the `http-request set-src` directive it'll populate the
> PROXY headers in addition to the internal logging
>
> On Fri, Jul 27, 2018 at 7:05 AM bjun...@gmail.com wrote:
>>
>> Hi,
>>
>> is there an
Hi,
is there any possibilty to modify the client ip in the PROXY Protocol
header before it is send to a backend server?
My use case is a local integration/functional testing suite (multiple local
docker containers for testing the whole stack - haproxy, cache layer,
webserver, etc.).
I would
Hi,
we want to roll-out 1.7.8 in production (upgrading from 1.6.8).
While preparing the update (reading changelog/mailinglist/git log,
searching for known issues etc.), i stumbled upon this:
https://www.mail-archive.com/haproxy@formilux.org/msg26282.html
I don't know if i'm interpreting
2017-08-01 10:47 GMT+02:00 Thierry Fournier <thierry.fourn...@arpalert.org>:
>
>> On 31 Jul 2017, at 22:41, bjun...@gmail.com wrote:
>>
>> Hi,
>>
>> i'm experimenting with some Lua code in HAProxy where i need a simple
>> key/value store (not persist
Hi,
i'm experimenting with some Lua code in HAProxy where i need a simple
key/value store (not persistent). I want to avoid Redis or other external
dependency.
Is there some sort of shared memory segment in HAProxy Lua integration that
can be used? (or is it possible to access HAProxy
Hi,
i've an issue that was already posted some time ago (i'm using HAProxy
1.7.8):
https://discourse.haproxy.org/t/core-msleep-not-working-in-
http-resp-http-response
It seems that sleep is completely ignored, but the connection hangs as long
as the value in "timeout connect".
2017-07-29 16:57 GMT+02:00 Charlie Elgholm :
> Ok, but anyhow, this actually means that I can use http-response to do
> something on the response. That's good. I'll play with it for a while on my
> dev-server. Nice!
>
> Version can be upgraded, of course, if I can just
Am Freitag, 5. August 2016 schrieb CJ Ess :
> So I know I can use Haproxy to send 429s when a given request rate is
> exceeded.
>
> I have a case where the "user" is mostly screen scrapers and click bots,
> so if I return a 429 they'll just turn around and re-request until
> successful - I can't
2016-02-10 8:17 GMT+01:00 Willy Tarreau <w...@1wt.eu>:
> On Tue, Feb 09, 2016 at 06:10:01PM +0100, bjun...@gmail.com wrote:
> > Hi,
> >
> > i'm currently testing 1.6.3 and request body logging. I'm wondering that
> > logging of req body even works without settin
Hi,
i'm currently testing 1.6.3 and request body logging. I'm wondering that
logging of req body even works without setting "option
http-buffer-request". Also "no option http-buffer-request" seems to have no
effect.
Is this intended or have i missed something?
simplified config:
frontend
Hi,
when a healthcheck ("fall 2") on a backend server is failing, the status of
the backend is changing to "DRAIN 1/2" (I do not manually set the DRAIN
state nor do i have agent-check's)
Does that mean that for the period till the next healthcheck, the server is
completely removed from load
2015-12-02 17:31 GMT+01:00 Olivier Doucet :
>
>
> 2015-12-02 17:25 GMT+01:00 Olivier Doucet :
>
>>
>> 2015-12-02 15:44 GMT+01:00 Michel Blanc :
>>
>>> Very good idea.
>>>
>>> Do you plan creating a git repo somewhere so people can
2015-09-11 10:55 GMT+02:00 Baptiste :
> On Fri, Sep 11, 2015 at 10:41 AM, Tim Verhoeven
> wrote:
> > Hello everyone,
> >
> > I'm mostly passive on this list but a happy haproxy user for more then 2
> > years.
> >
> > Now, we are going to migrate our
2015-07-13 18:07 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:
Hi,
i'm using stick-tables to track requests and block abusers if needed.
Abusers should be blocked only for a short period of time and i want a
stick-table entry to expire.
Therefore, i have to check if the client is already
2015-07-16 21:04 GMT+02:00 Vincent Bernat ber...@luffy.cx:
❦ 13 juillet 2015 19:58 +0200, Vincent Bernat ber...@luffy.cx :
I suppose that either -ldl could be added to OPTIONS_LDFLAGS append,
like this is done for -lm. Or USE_DL section could be moved towards the
end. I think the first
Hi,
i'm trying to build HAProxy 1.6 (git HEAD) with Lua (5.3.1) on Ubuntu 14.04.
This was my first try:
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=yes
LUA_LIB=/opt/lua53/lib/ LUA_INC=/opt/lua53/include/ LDFLAGS=-ldl
resulting error:
.
.
.
gcc -ldl -o haproxy
Hi,
i'm using stick-tables to track requests and block abusers if needed.
Abusers should be blocked only for a short period of time and i want a
stick-table entry to expire.
Therefore, i have to check if the client is already marked as an
abuser and do not track this client.
example config:
Hi,
is there any workaround if updating to 1.5.14 isn't possible
immediately (for ex. disable http pipelining?)
---
Best Regards / Mit freundlichen Grüßen
Bjoern
Hi Holger,
tcp-response content track- / http-response track- would be a nice
feature, don't know if this is on the roadmap.
For the moment i can only imagine the following (needs HAProxy 1.6):
http-response lua script.lua
Within this Lua function, you check the http response code and
-
---
Bjoern
2015-06-19 19:37 GMT+02:00 PiBa-NL piba.nl@gmail.com:
try it with: math.rand(1000)
bjun...@gmail.com schreef op 19-6-2015 om 14:15:
Hi,
i've tried Thierry's example:
function delay_request(txn)
core.msleep(1000 + txn.f.rand(1000))
end
Hi,
i want to delay specific requests and i want to have a random delay
for every request (for example in a range from 1000ms - 2000ms)
As an ugly hack, you can use the following (with a static value):
tcp-request inspect-delay 2000ms
tcp-request content accept if WAIT_END
I think i can
Hi,
i would like to redirect the following urls with HAProxy:
www.example.at.prod.site.local - m.example.at
www.example.de.prod.site.local - m.example.de
.
.
.
.
apache mod_rewrite-rule:
RewriteCond %{HTTP_HOST} ^(www\.)?example\.([a-z]{2,3}).prod\.site\.local$ [NC]
RewriteRule ^/(.*)$
2014-09-04 14:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:
Hi,
i'm using the following in a backend to rate-limit spider or bad
behavior clients:
backend be_spider
tcp-request inspect-delay 2000ms
tcp-request content accept if WAIT_END
server node01 192.168.1.10:80
Hi,
i'm using the following in a backend to rate-limit spider or bad
behavior clients:
backend be_spider
tcp-request inspect-delay 2000ms
tcp-request content accept if WAIT_END
server node01 192.168.1.10:80 maxconn {LOWVALUE}
If now an abuser/spider/crawler is making many
2014-08-25 18:58 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:
2014-08-20 19:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:
2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com:
On 08/18/2014 05:49 PM, Baptiste wrote:
On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun
2014-09-03 11:36 GMT+02:00 Baptiste bed...@gmail.com:
Hi,
it's working now with the following workaround (config simplified):
frontend http_in_01
bind 0.0.0.0:80
http-request set-header X-Concat
%[req.fhdr(User-Agent)]_%[req.fhdr(host)]
acl is_found
2014-08-20 19:33 GMT+02:00 bjun...@gmail.com bjun...@gmail.com:
2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com:
On 08/18/2014 05:49 PM, Baptiste wrote:
On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com
wrote:
Hi,
i was digging through some old threads:
http
2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com:
On 08/18/2014 05:49 PM, Baptiste wrote:
On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com
wrote:
Hi,
i was digging through some old threads:
http://t53814.web-haproxy.webtalks.info/help-with-tcp-request-content
Thanks Emeric, brilliant idea.
I will try this configuration.
---
Bjoern
2014-08-18 18:49 GMT+02:00 Emeric Brun eb...@haproxy.com:
On 08/18/2014 05:49 PM, Baptiste wrote:
On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com bjun...@gmail.com
wrote:
Hi,
i was digging through some
Hi,
i was digging through some old threads:
http://t53814.web-haproxy.webtalks.info/help-with-tcp-request-content-track-sc1-t53814.html
http://marc.info/?l=haproxym=139458469126719w=2
I have the same requirement and want to track not only on src (source
ip), i want to concatenate src +
2014-08-07 1:16 GMT+02:00 Cyril Bonté cyril.bo...@free.fr:
Hi Bjoern,
Le 06/08/2014 22:16, bjun...@gmail.com a écrit :
Hi Mark,
trying to test this one, but if i use the frontend/backend-syntax
(and not the listen-syntax) with external-check command, HAProxy
segfaults :
# /usr/local
2014-08-04 11:44 GMT+02:00 Mark Brooks m...@loadbalancer.org:
We have started doing some testing with the external health check
functionality but unfortunately we cannot get the real servers to be
marked as online when using this feature.
This was tested with haproxy-ss-20140720
When using
Hi folks,
I've a question regarding the ordering/processing of ACL’s.
Example (HAProxy 1.4.24):
frontend http_in
.
.
acl is_example.com hdr_beg(host) -i example.com
acl check_id url_reg code=(1001|1002|)
acl check_id url_reg code=(3000|4001|)
Hi,
i'm trying a basic redirect with HAProxy:
frontend http
acl is_domain hdr_dom(host) -i abc.example.com
acl root path_reg ^$|^/$
redirect location http://abc.example.com/?code=1234 code 301 if
is_domain root
Unfortunately this ends up in a redirect loop.
I suspect
Hi Willy,
same problem as mentioned here:
http://comments.gmane.org/gmane.comp.web.haproxy/7172
I've tried for three days in a row.
P.S.: 1.5-dev22 is not linked on the front page, is this intended ?
---
Bjoern
I'm using 1.4.24.
I've tested some cases in the meantime, but these tests don't give a clear
answer.
Anybody an idea ?
2013/6/26 bjun...@gmail.com bjun...@gmail.com
Hi folks,
i've a question regarding use_backend and how conditions are processed.
My Example:
frontend
Hi folks,
i've a question regarding use_backend and how conditions are processed.
My Example:
frontend http_in_01
bind 1.2.3.4:80
log global
option httplog
capture request header Host len 32
capture request header User-Agent len 200
reqidel
Hi folks,
we want to use http keep-alive + content-switching with HAProxy.
I would like to ask if it's safe to use content-switching with http
keep-alive when we use option http-server-close ?
We want to use content-switching with standard matching criteria's (
hdr_dom(host), url_reg ).
everybody will be aware that
the issue is not related to HAProxy
cheers
On Fri, Sep 28, 2012 at 3:15 PM, bjun...@gmail.com bjun...@gmail.com
wrote:
Hi,
thanks Baptiste, you were right.
apache error logs:
[Fri Sep 28 14:45:08 2012] [notice] child pid 24745 exit signal
59 matches
Mail list logo