On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: > > .) the patches apply only on haproxy 1.8 because some files does not exists > > on 1.7 ( e. g. include/proto/spoe.h ) > > > Ok. I think that SPOE was introduced in 1.7, obviously I'm wrong.
No, it was introduced in 1.7 but there were some improvements later (like pipelining etc). (...) > > .) How can the rule-set be reloaded? stop & start || gracefully? > > > I do not process this part. Today, you must stop and start the process. The > graceful doesn't exists. > I guess than the graceful can be implemented easily. You can ensure the > availability of the > SPOA Modsec using the properties of the HAProxy backend. Actually that's a very good point. I think it would even be possible to ensure a graceful shutdown using disable-on-404 or using an agent so that you can roll the restart over multiple WAF nodes. Willy
