Re: Haproxy+Nginx SSL Insecurities

2010-11-02 Thread Willy Tarreau
On Tue, Nov 02, 2010 at 05:40:48PM -0400, John T Skarbek wrote: > I'm going to assume yes, mine looks a little different (PRNN vs PR--) most > likely due to the fact I'm not sending cookies in this test setup, here's > what I log each time I hit the site without SSL: > > Nov 2 17:32:51 whoopsie ha

Re: Haproxy+Nginx SSL Insecurities

2010-11-02 Thread John T Skarbek
I'm going to assume yes, mine looks a little different (PRNN vs PR--) most likely due to the fact I'm not sending cookies in this test setup, here's what I log each time I hit the site without SSL: Nov 2 17:32:51 whoopsie haproxy[3540]: :33058 [02/Nov/2010:17:32:51.527] site0 site0/ 1/-1/-1/-1/1 3

Re: Haproxy+Nginx SSL Insecurities

2010-11-02 Thread Guillaume Bourque
Hi John and the list, Thanks for sharing your config. I have a similar one and it works, BUT in the haproxy log file I get one log entry with flag PR when I hit the SSL site with port 80: Nov 2 17:09:39 localhost haproxy[10021]: 1.1.1.1:1680[02/Nov/2010:17:09:39.246] DISPATCH-lb2 DISPATCH-lb2/ 4/

Re: Haproxy+Nginx SSL Insecurities

2010-07-08 Thread John T Skarbek
Hey guys, Thanks for the input. I ended up settling on the following configuration type: in haproxy: listen something.com bind 172.168.1.1:80 acl acl_port_80 dst_port eq 80 acl acl_secure hdr(amISecure) YES cookie SERVERID insert indirect nocache redirect

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread Willy Tarreau
On Sat, Jul 03, 2010 at 11:23:16AM -0400, John T Skarbek wrote: > Chris, > > Thanks for responding. I had thought of the option you mention. However I > discontinued it quickly. The reason I'm not a big fan is that those header > values can be hacked quite easily. Granted the end user (hacker

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread XANi
I've done something similar (don't remember config details now, sorry), basically lighttpd was used as frontend for both http and https traffic (I used it for compressing too). It: 1. Removed header called "SSL" 2. Added "SSL: Yes". So even if someone sends evil headers they will get removed or you can p

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread Harvey Yau
On 7/3/10 9:51 AM, John T Skarbek wrote: Good Morning, I'm testing out a solution to use nginx for ssl decryption to pass off requests to haproxy. During the thought process of everything, and later during testing, I noticed that all I'd need to do in the client's web browser is to simply ta

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread John T Skarbek
Chris, Thanks for responding. I had thought of the option you mention. However I discontinued it quickly. The reason I'm not a big fan is that those header values can be hacked quite easily. Granted the end user (hacker) may not know the specific value that must hold. There are even plugins

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread Chris Sarginson
On 3 Jul 2010, at 14:51, John T Skarbek wrote: > Good Morning, > > I'm testing out a solution to use nginx for ssl decryption to pass off > requests to haproxy. During the thought process of everything, and later > during testing, I noticed that all I'd need to do in the client's web browser

Haproxy+Nginx SSL Insecurities

2010-07-03 Thread John T Skarbek
Good Morning, I'm testing out a solution to use nginx for ssl decryption to pass off requests to haproxy. During the thought process of everything, and later during testing, I noticed that all I'd need to do in the client's web browser is to simply take out the 's' on 'https' and all traffic will