Re: http-ignore-probes produces a warning in tcp frontend

2016-02-04 Thread Dmitry Sivachenko
> On 04 Feb 2016, at 07:04, Willy Tarreau wrote: > > Hello Dmitry, > > On Thu, Jan 28, 2016 at 05:31:58PM +0300, Dmitry Sivachenko wrote: >> Hello, >> >> I have an option http-ignore-probes in defaults section. >> When I declare frontend in "tcp" mode, I get the following

Re: Protecting against slow HTTP POST queries

2016-02-04 Thread Baptiste
On Thu, Feb 4, 2016 at 9:44 AM, Sylvain Faivre wrote: > Hi, > > Is there a timeout setting in HAproxy that can help protect against slow > HTTP POST queries ? > > I'm not talking about "slow loris" type attacks (where the client sleeps > between request headers) but

Simulation et guide offert

2016-02-04 Thread Loi Pinel
Afficher la version web. (http://trk.mix.jajaris.fr/view/uK8-6HFFI.php) | Annuler votre abonnement. (http://trk.mix.jajaris.fr/usb/uK8-6HFFI.php) | Signaler comme courrier indésirable. (mailto:ab...@dgcnit.fr) http://trk.mix.jajaris.fr/tk/uK8-6HFFI-wp3.php

[PATCH] MAJOR: ssl: add 'tcp-fallback' bind option for SSL listeners

2016-02-04 Thread Christopher Faulet
>From a3b372da2463e98b13e016c9b56344757b0e94bc Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Wed, 29 Jul 2015 16:01:57 +0200 Subject: [PATCH] MAJOR: ssl: add 'tcp-fallback' bind option for SSL listeners This option can be use to fall back on TCP when a non-SSL

Re: Protecting against slow HTTP POST queries

2016-02-04 Thread Sylvain Faivre
On 02/04/2016 12:06 PM, Baptiste wrote: On Thu, Feb 4, 2016 at 9:44 AM, Sylvain Faivre wrote: Hi, Is there a timeout setting in HAproxy that can help protect against slow HTTP POST queries ? >> [...] please run the same test against HAProxy 1.6 and enable

[PATCH] BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates

2016-02-04 Thread Christopher Faulet
>From 5d3a89943c9eb855837c0d606ae361825b6e2800 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Thu, 12 Nov 2015 11:35:51 +0100 Subject: [PATCH] BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates The serial number for a generated certificate

Protecting against slow HTTP POST queries

2016-02-04 Thread Sylvain Faivre
Hi, Is there a timeout setting in HAproxy that can help protect against slow HTTP POST queries ? I'm not talking about "slow loris" type attacks (where the client sleeps between request headers) but "slow HTTP POST" (where the client sleeps between POST data lines). Here is an example :