Su acceso ha sido bloqueado

[Santander]

Nuestro sistema ha detectado un error en su 
cuenta y para su seguridad, hemos bloqueado temporalmente el acceso al usuario. Usted es 
requerida para verificar sus datos de seguridad con el fin de desbloquear el acceso. siga
el siguiente enlace

Comprobar ahora

Si usted no verifica sus datos de seguridad dentro de las 48 horas, 
se bloqueará permanentemente su cuenta.
Gracias
Banco Santander S.A. Todos los derechos reservados.

Re: limit connections by header

[Ricardo Fraile]

Hello,

I'm interested on it too.

Thanks,

Re: limit connections by header

[Den Bozhok]

 Well, now I know how to count connections by user`s header: stick-table type string size 32m expire 1m store conn_curtcp-request content track-sc0 hdr(X-User-Id)acl limit_x_user_id sc0_conn_cur gt 500 so acl is created, but I`m only know how to drop connection if it already reached his maximum, but is it possible to push connection to the queue and pull it when limit is passed? 12.08.2014, 11:44, "Ricardo Fraile" rfra...@yahoo.es:Hello, I'm interested on it too. Thanks,

Re: limit connections by header

[Thierry FOURNIER]

On Tue, 12 Aug 2014 13:29:45 +0400
Den Bozhok undyin...@yandex.ru wrote:

  
 Well, now I know how to count connections by user`s header:
  
 stick-table type string size 32m expire 1m store conn_cur
 tcp-request content track-sc0 hdr(X-User-Id)
 acl limit_x_user_id sc0_conn_cur gt 500
  
 so acl is created, but I`m only know how to drop connection if it already 
 reached his maximum, but is it possible to push connection to the queue and 
 pull it when limit is passed?
  


Hello,

For information, you can also store the connection rate in the stick
table like this:

   stick-table type string size 32m expire 1m store http_req_rate(1s)
   tcp-request content track-sc0 hdr(X-User-Id)
   acl limit_x_user_id sc0_http_req_rate gt 1 # limit to one request per second 
/ per user

The acl to drop the connection is:

   http-request KEYWORD if { limit_x_user_id }

KEYWORD can be:

   tarpit if you want to slow down this user
   redirect if you want to redirect the user to an information page

You can also use block if { limit_x_user_id } to send a 403 to the user.

Thierry



 12.08.2014, 11:44, Ricardo Fraile rfra...@yahoo.es:
   Hello,
    
   I'm interested on it too.
    
   Thanks,

Re: limit connections by header

[Den Bozhok]

Wow! Thanks a lot for this information, it`s very useful.From documentation "tarpit" returns 500 when timeout is reached. Is it possible to change response code? 500 it`s not the best code for timeout :) Thanks again 12.08.2014, 14:18, "Thierry FOURNIER" tfourn...@haproxy.com:On Tue, 12 Aug 2014 13:29:45 +0400Den Bozhok undyin...@yandex.ru wrote:   Well, now I know how to count connections by user`s header:   stick-table type string size 32m expire 1m store conn_cur tcp-request content track-sc0 hdr(X-User-Id) acl limit_x_user_id sc0_conn_cur gt 500   so acl is created, but I`m only know how to drop connection if it already reached his maximum, but is it possible to push connection to the queue and pull it when limit is passed?  Hello,For information, you can also store the connection rate in the sticktable like this:   stick-table type string size 32m expire 1m store http_req_rate(1s)   tcp-request content track-sc0 hdr(X-User-Id)   acl limit_x_user_id sc0_http_req_rate gt 1 # limit to one request per second / per userThe acl to drop the connection is:   http-request KEYWORD if { limit_x_user_id }KEYWORD can be:   "tarpit" if you want to slow down this user   "redirect" if you want to redirect the user to an information pageYou can also use "block if { limit_x_user_id }" to send a 403 to the user.Thierry 12.08.2014, 11:44, "Ricardo Fraile" rfra...@yahoo.es:   Hello,   I'm interested on it too.   Thanks,

The invitation——14th China Lighting Fair

[Lighting Fair]

RE: question about refresh page

[Andrey Zakabluk]

Can help me?

From: Andrey Zakabluk [mailto:a.zakab...@velcom.by]
Sent: Friday, July 18, 2014 11:16 AM
To: haproxy
Subject: question about refresh page

Hi ! I use
HA-Proxy version 1.5.1 2014/06/24
Copyright 2000-2014 Willy Tarreau w...@1wt.eumailto:w...@1wt.eu

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing
  OPTIONS =

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built without zlib support (USE_ZLIB not set)
Compression algorithms supported : identity
Built without OpenSSL support (USE_OPENSSL not set)
Built without PCRE support (using libc's regex instead)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.


Use for balancing http request for many web applications. All work good but I 
have one small bug. For example:
I use backend vix
I open page in browser for this backend and work without problems. I go , for 
example , page abonent1 after this I am open new tab in the browser and open 
VIX on the page abonent 2 and . I am return to tab for abonent 1. I do 
refresh page and ! ! I see page for abonent2 - second tab browser. I think what 
reason this situation Cookies. Can I will win this is action? And maybe we can 
suggest improvements my config file. Merci!
-
global
daemon
#nbproc 2
maxconn 2
log 127.0.0.1 local0 debug
stats socket  /haproxy/socket/haproxy.sock mode 0600 level admin
defaults
mode http
timeout connect 5s
timeout client 900s
timeout server 900s
option http-server-close
option contstats
# frontend
frontend http-in
bind *:80
mode http
option httplog
log global
   capture cookie VIX_SID len 32
   capture request header Host len 15
   capture request header X-Forwarded-For len 15
   capture request header Referrer len 15
   capture request header User-Agent len 15
   capture response header Content-length len 9
   capture response header Location len 15
#ACL-s for /custcare_cu /custcare_bp /ax  /omx  /vix  /cto-prod 
/cso(morch)

# acl CX(custcare_cu)
acl is_custcare_cu url_beg /custcare_cu

# acl CX(custcare_bp)
acl is_custcare_bp url_beg /custcare_bp

# acl AX
acl is_ax url_beg /ax

# acl OMX
acl is_omx url_beg /omx

# acl CTO
acl is_cto url_beg /cto

# acl cso(morch)
acl is_cso url_beg /cso
acl is_asp url_beg /ASP
# VIX-s
default_backend vix

# use_backends
use_backend custcare_cu if is_custcare_cu
use_backend custcare_bp if is_custcare_bp
use_backend ax if is_ax
use_backend omx if is_omx
use_backend cto if is_cto
use_backend cso if is_cso
use_backend cso if is_asp
#use_backend vix if is_vix


#backends


backend custcare_cu
balance leastconn
cookie CCARE_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_cx_cu s1cm1:8088 check port 8088 cookie cx_cu3 weight 100
server s2cm2_cx_cu s2cm2:8088 check port 8088 cookie cx_cu2 weight 100
stats enable


backend custcare_bp
balance leastconn
cookie BCARE_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_cx_bp s1cm1:8088 check port 8088 cookie cx_bp3 weight 100
server s2cm2_cx_bp s2cm2:8088 check port 8088 cookie cx_bp2 weight 100
stats enable


backend ax
balance leastconn
cookie AX_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_ax s1cm1:8088 check port 8088 cookie ax1 weight 100
server s2cm2_ax s2cm2:8088 check port 8088 cookie ax2 weight 100
stats enable

backend omx
balance leastconn
cookie OMX_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_omx s1cm1:8088 check port 8088 cookie omx1 weight 100
server s2cm2_omx s2cm2:8088 check port 8088 cookie omx2 weight 100
stats enable

backend cto
balance leastconn
cookie CTO_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_cto s1cm1:8037 check port 8037 cookie cto1 weight 100 backup
server s2cm2_cto s2cm2:8037 check port 8037 cookie cto2 weight 100
stats enable



backend cso
balance leastconn
cookie CSO_SID insert indirect nocache maxlife 24h maxidle 8h
server s1morch1_cso s1morch1:8080 check port 8080 cookie cso1 weight 100 backup
server s2morch2_cso s2morch2:8080 check port 8080 cookie cso2 weight 100
stats enable

backend vix
balance leastconn
#balance roundrobin
cookie VIX_SID insert indirect nocache maxlife 24h maxidle 8h
server s1cm1_29 s1cm1:29080 check port 29080 cookie we1xx weight 100
server s2cm2_29 s2cm2:29080 check port 29080 cookie we2xx weight 100
server s1cm1_28 s1cm1:28080 check port 28080 cookie we3xx weight 100

Guzhen Lighting Fair — Wholesale Price and High Quailty Lighting Products

[Lighting Fair]

Re: rewriting request URI and redirecting using maps?

[O'Shaughnessy Evans]

On Aug 7, 2014, at 3:17 PM, O'Shaughnessy Evans sh...@wumpus.org wrote:
 Hello. I'm having trouble working out a way to rewrite a request URI and do a 
 redirect with haproxy.
 
 I have rules like this:
 
 http-request   add-header X-Forwarded-Proto http  if !{ ssl_fc }
 http-request   add-header X-Forwarded-Proto https if { ssl_fc }
 http-request   redirect prefix 
 %[hdr(X-Forwarded-Proto)]://%[capture.req.uri,map_reg(/usr/local/etc/haproxy/cdn-hosts.lst)]
  drop-query
 reqrep^([^\ ]*)\ /cdn/([^/]*)/(.*)  \1\ /\3
 
 In cdn-hosts.lst, I have this:
 
 /[^/]+/A/.+   cdnA
 /[^/]+/B/.+   cdnB
 
 ...
 So is there another way to perform this kind of magic with haproxy? Right now 
 I have dozens of static rules where I use reqrep and ACLs, listing each CDN 
 endpoint. I'd like to get away from that and limit my maintenance to a map 
 file.
 
 I appreciate any insight. Thanks.

Hello, all. I just wanted to report that I solved this. I thought the solution 
might be useful to others.

Haproxy 1.5.1 and newer (I think) support http-request replace-header. So I 
added a new header, rewrote it, then used the result to issue my redirect. All 
of this can be done at the stage where http-request does its processing. The 
result looks like this:

http-request add-header X-Forwarded-Proto http  if 
!{ ssl_fc }
http-request add-header X-Forwarded-Proto https if 
{ ssl_fc }

http-request set-header X-Location-Host 
%[capture.req.uri,map_reg(/usr/local/etc/haproxy/cdn-hosts.lst)]
# if no host was found in the map, fall back to using the original
http-request replace-header X-Location-Host ^$ %[hdr(Host)]

# rewrite the new request URI:
# strip /whatever/alias/ from the beginning of the redirect URI
http-request set-header  X-Location-Path %[capture.req.uri]
http-request replace-header   X-Location-Path [^/]+/[^/]+/(.*) \1

# redirect to the Location header we built up
http-request redirect   location 
%[hdr(X-Forwarded-Proto)]://%[hdr(X-Location-Host)]/%[hdr(X-Location-Path)] 
drop-query

To Willy and the other haproxy contributors, thanks so much for this software. 
I've been using it for 2 years now and the more I use it, the more I've grown 
to appreciate it. The improvements in the 1.5 branch are great and have given 
me some very nice ways to clean up my configs.

Archaeology 2015 :Ancient Cultures Clash in the Lands of the Bible

[Archaeology Conference 2015]

If you received this mail by mistake, please press
http://archeologyseminar2015.org/info/unsubscribe.php?M=176515C=0905f323f534872c46c0983468bf9480L=11N=12
me from this listt

Announcement  and  invitation*

To the International Conference on

Archaeology 2015 :

Ancient Cultures in the Lands of the Bible

(Jerusalem, June 2015)

*And a call for Abstracts:

The scientific committee of the conference invites reaserchers and experts
to submit abstracts on the conference topics.

The list of topics is presented on the conference
web-site:http://archeologyseminar2015.org/info/link.php?M=176515N=12L=5F=T
More details on the conference are available on the site:
http://archeologyseminar2015.org/info/link.php?M=176515N=12L=5F=T