Bid Writing, Fundraising and Volunteering Workshops
NFP WORKSHOPS Affordable Training Courses Bid Writing: The Basics Do you know the most common reasons for rejection? Are you gathering the right evidence? Are you making the right arguments? Are you using the right terminology? Are your numbers right? Are you learning from rejections? Are you assembling the right documents? Do you know how to create a clear and concise standard funding bid? Are you communicating with people or just excluding them? Do you know your own organisation well enough? Are you thinking through your projects carefully enough? Do you know enough about your competitors? Are you answering the questions funders will ask themselves about your application? Are you submitting applications correctly? ONLINE VIA ZOOM 10.00 TO 12.30 COST £95.00 CLICK ON DATE TO BOOK YOUR PLACE MON 10 MAY 2021 MON 24 MAY 2021 MON 07 JUN 2021 MON 21 JUN 2021 MON 05 JUL 2021 MON 19 JUL 2021 Bid Writing: Advanced Are you applying to the right trusts? Are you applying to enough trusts? Are you asking for the right amount of money? Are you applying in the right ways? Are your projects the most fundable projects? Are you carrying out trust fundraising in a professional way? Are you delegating enough work? Are you highly productive or just very busy? Are you looking for trusts in all the right places? How do you compare with your competitors for funding? Is the rest of your fundraising hampering your bids to trusts? Do you understand what trusts are ideally looking for? ONLINE VIA ZOOM 10.00 TO 12.30 COST £95.00 CLICK ON DATE TO BOOK YOUR PLACE TUE 11 MAY 2021 TUE 25 MAY 2021 TUE 08 JUN 2021 TUE 22 JUN 2021 TUE 06 JUL 2021 TUE 20 JUL 2021 Recruiting and Managing Volunteers Where do you find volunteers? How do you find the right volunteers? How do you attract volunteers? How do you run volunteer recruitment events? How do you interview volunteers? How do you train volunteers? How do you motivate volunteers? How do you involve volunteers? How do you recognise volunteers? How do you recognise problems with volunteers? How do you learn from volunteer problems? How do you retain volunteers? How do you manage volunteers? What about volunteers and your own staff? What about younger, older and employee volunteers? ONLINE VIA ZOOM 10.00 TO 12.30 COST £95 CLICK ON DATE TO BOOK YOUR PLACE THU 13 MAY 2021 WED 07 JUL 2021 Legacy Fundraising Why do people make legacy gifts? What are the ethical issues? What are the regulations? What are the tax issues? What are the statistics? What are the trends? How can we integrate legacy fundraising into our other fundraising? What are the sources for research? How should we set a budget? How should we evaluate our results? How should we forecast likely income? Should we use consultants? How should we build a case for support? What media and marketing channels should we use? What about in memory giving? How should we setup our admin systems? What are the common problems & pitfalls? ONLINE VIA ZOOM 10.00 TO 12.30 COST £95 CLICK ON DATE TO BOOK YOUR PLACE THU 27 MAY 2021 WED 21 JUL 2021 Major Donor Fundraising Major Donor Characteristics, Motivations and Requirements. Researching and Screening Major Donors. Encouraging, Involving and Retaining Major Donors. Building Relationships with Major Donors. Major Donor Events and Activities. Setting Up Major Donor Clubs. Asking For Major Gifts. Looking After and Reporting Back to Major Donors. Delivering on Major Donor Expectations. Showing Your Appreciation to Major Donors. Fundraising Budgets and Committees. ONLINE VIA ZOOM 10.00 TO 12.30 COST £95 CLICK ON DATE TO BOOK YOUR PLACE WED 09 JUN 2021 Corporate Fundraising Who are these companies? Why do they get involved? What do they like? What can you get from them? What can you offer them? What are the differences between donations, sponsorship, advertising and cause related marketing? Are companies just like trusts? How do you find these companies? How do you research them? How do you contact them? How do you pitch to them? How do you negotiate with them? When should you say no? How do you draft contracts? How do you manage the relationships? What could go wrong? What are the tax issues? What are the legal considerations? ONLINE VIA ZOOM 10.00 TO 12.30 COST £95 CLICK ON DATE TO BOOK YOUR PLACE WED 23 JUN 2021 Feedback From Past Attendees I must say I was really impressed with the course and the content. My knowledge and confidence has increased hugely. I got a lot from your course and a lot of pointers! I can say after years of fundraising I learnt so much from your bid writing course. It was a very informative day and for someone who has not written bids before I am definitely more confident to get involved with them. I found the workshops very helpful. It is a whole new area for me but the information you imparted has given me a lot of confidence with the direction I need to take and for that I
Re: [PATCH] CI: Build VTest with clang
On Tue, May 11, 2021 at 06:31:36AM +0500, ??? wrote: > There are vtest build in cirrus and travis as well. > > What if we move vtest building into "scripts/build-vtest.sh" ? That's a good idea, it would also encourage developers to update it by easing its installation. Feel free to propose a patch if you think you can easily test something. Willy
Re: [PATCH] CI: Build VTest with clang
There are vtest build in cirrus and travis as well.
What if we move vtest building into "scripts/build-vtest.sh" ?
On Tue, May 11, 2021, 1:54 AM Tim Duesterhus wrote:
> Willy,
> Ilya,
>
> not tested, but it should be simple enough to not mess it up.
>
> Best regards
> Tim Düsterhus
>
> Apply with `git am --scissors` to automatically cut the commit message.
>
> -- >8 --
> Current VTest master fails to build using gcc, see vtest/VTest#27.
>
> This patch is to be reverted once VTest is fixed.
> ---
> .github/workflows/vtest.yml | 2 +-
> .travis.yml | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml
> index cb52f27d6..1d62f98f3 100644
> --- a/.github/workflows/vtest.yml
> +++ b/.github/workflows/vtest.yml
> @@ -63,7 +63,7 @@ jobs:
> curl -fsSL https://github.com/vtest/VTest/archive/master.tar.gz
> -o VTest.tar.gz
> mkdir VTest
> tar xvf VTest.tar.gz -C VTest --strip-components=1
> -make -C VTest -j$(nproc) FLAGS="-O2 -s -Wall"
> +make -C VTest -j$(nproc) FLAGS="-O2 -s -Wall" CC=clang
> sudo install -m755 VTest/vtest /usr/local/bin/vtest
> - name: Install SSL ${{ matrix.ssl }}
>if: ${{ matrix.ssl && matrix.ssl != 'stock' }}
> diff --git a/.travis.yml b/.travis.yml
> index 1aa415aa8..37b667bc1 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -40,7 +40,7 @@ matrix:
> install:
>- git clone https://github.com/VTest/VTest.git ../vtest
># Special flags due to: https://github.com/vtest/VTest/issues/12
> - - make -C ../vtest FLAGS="-O2 -s -Wall"
> + - make -C ../vtest FLAGS="-O2 -s -Wall" CC=clang
>
> script:
>- make -j$(nproc) ERR=1 TARGET=linux-glibc CC=$CC
> DEBUG=-DDEBUG_STRICT=1 $FLAGS
> --
> 2.31.1
>
>
[PATCH] BUG/MINOR: http_act: Fix normalizer names in error messages
These places were forgotten when the normalizers were renamed.
Bug introduced in 5be6ab269e5606aef954f39d6717b024f97b3789, which is 2.4. No
backport needed.
---
src/http_act.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/http_act.c b/src/http_act.c
index b8413f331..96ac8f87b 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -401,7 +401,7 @@ static enum act_parse_ret parse_http_normalize_uri(const
char **args, int *orig_
rule->action = ACT_NORMALIZE_URI_PATH_STRIP_DOTDOT;
}
else if (strcmp(args[cur_arg], "if") != 0 &&
strcmp(args[cur_arg], "unless") != 0) {
- memprintf(err, "unknown argument '%s' for 'dotdot'
normalizer", args[cur_arg]);
+ memprintf(err, "unknown argument '%s' for
'path-strip-dotdot' normalizer", args[cur_arg]);
return ACT_RET_PRS_ERR;
}
}
@@ -421,7 +421,7 @@ static enum act_parse_ret parse_http_normalize_uri(const
char **args, int *orig_
rule->action = ACT_NORMALIZE_URI_PERCENT_TO_UPPERCASE;
}
else if (strcmp(args[cur_arg], "if") != 0 &&
strcmp(args[cur_arg], "unless") != 0) {
- memprintf(err, "unknown argument '%s' for
'percent-upper' normalizer", args[cur_arg]);
+ memprintf(err, "unknown argument '%s' for
'percent-to-uppercase' normalizer", args[cur_arg]);
return ACT_RET_PRS_ERR;
}
}
--
2.31.1
Re: [PATCH] CI: Build VTest with clang
Willy, On 5/10/21 11:02 PM, Willy Tarreau wrote: Ah thank you Tim, I was also a bit annoyed by the recent failures. I've just pushed it, let's see if it works! Okay, at least VTest builds again. Perfect. Unfortunately some flaky tests are back :-( Best regards Tim Düsterhus
Re: [PATCH] spell check fixes
On Mon, May 10, 2021 at 12:51:45PM +0500, ??? wrote: > Hello, > > yet another spell check improvements. Merged, thanks Ilya! Willy
Re: Inconsistent reading of txn vars from Lua script
On Mon, May 10, 2021 at 10:41:36PM +0200, Willy Tarreau wrote:
> > core.register_action("auth", { "http-req" }, function(txn)
> > txn:set_var("txn.code", 401, true)
So the problem is exactly here and it works as designed. This
argument "ifexist" was added a year ago to avoid Lua allocating
random variable names:
4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`")
What the "true" argument does here is to refrain from creating
the variable if it does not exist. After you look it up from the
service, the variable gets created and it exists, hence why it
then works next times.
If you want it to always be created (which I assume you want
to), just drop this argument or explicitly set it to false.
Willy
Re: [PATCH] CI: Build VTest with clang
On Mon, May 10, 2021 at 10:54:31PM +0200, Tim Duesterhus wrote: > Willy, > Ilya, > > not tested, but it should be simple enough to not mess it up. Ah thank you Tim, I was also a bit annoyed by the recent failures. I've just pushed it, let's see if it works! Wlily
[PATCH] CI: Build VTest with clang
Willy,
Ilya,
not tested, but it should be simple enough to not mess it up.
Best regards
Tim Düsterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
Current VTest master fails to build using gcc, see vtest/VTest#27.
This patch is to be reverted once VTest is fixed.
---
.github/workflows/vtest.yml | 2 +-
.travis.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml
index cb52f27d6..1d62f98f3 100644
--- a/.github/workflows/vtest.yml
+++ b/.github/workflows/vtest.yml
@@ -63,7 +63,7 @@ jobs:
curl -fsSL https://github.com/vtest/VTest/archive/master.tar.gz -o
VTest.tar.gz
mkdir VTest
tar xvf VTest.tar.gz -C VTest --strip-components=1
-make -C VTest -j$(nproc) FLAGS="-O2 -s -Wall"
+make -C VTest -j$(nproc) FLAGS="-O2 -s -Wall" CC=clang
sudo install -m755 VTest/vtest /usr/local/bin/vtest
- name: Install SSL ${{ matrix.ssl }}
if: ${{ matrix.ssl && matrix.ssl != 'stock' }}
diff --git a/.travis.yml b/.travis.yml
index 1aa415aa8..37b667bc1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -40,7 +40,7 @@ matrix:
install:
- git clone https://github.com/VTest/VTest.git ../vtest
# Special flags due to: https://github.com/vtest/VTest/issues/12
- - make -C ../vtest FLAGS="-O2 -s -Wall"
+ - make -C ../vtest FLAGS="-O2 -s -Wall" CC=clang
script:
- make -j$(nproc) ERR=1 TARGET=linux-glibc CC=$CC DEBUG=-DDEBUG_STRICT=1
$FLAGS
--
2.31.1
Re: Inconsistent reading of txn vars from Lua script
On Mon, May 10, 2021 at 07:59:56AM -0300, Joao Morais wrote:
> Hello again! Here are the snippets running with 2.4-dev18 - docker image
> haproxy:2.4-dev18-alpine:
>
> $ cat h.cfg
> global
> log stdout format raw local0
> lua-load /tmp/h/svc1.lua
> lua-load /tmp/h/svc2.lua
> defaults
> timeout server 1m
> timeout client 1m
> timeout connect 5s
> log global
> listen l
> mode http
> bind :8000
> option httplog
> http-request lua.auth
> http-request use-service lua.send-failure
>
> $ cat svc1.lua
> core.register_action("auth", { "http-req" }, function(txn)
> txn:set_var("txn.code", 401, true)
> end, 0)
>
> $ cat svc2.lua
> core.register_service("send-failure", "http", function(applet)
> response = applet:get_var("txn.code")
> if response ~= nil then
> applet:set_status(response)
> else
> applet:set_status(403)
> end
> applet:add_header("Content-Length", 0)
> applet:add_header("Content-Type", "text/plain")
> applet:start_response()
> end)
>
> Now curl'ing the config above:
>
> $ curl -i localhost:8000
> HTTP/1.1 403 Forbidden
> content-type: text/plain
> content-length: 0
>
> $ curl -i localhost:8000
> HTTP/1.1 401 Unauthorized
> content-type: text/plain
> content-length: 0
>
> The first run is always a 403 which means that the reading of the txn.code
> retuned nil, all the next attempts correctly returns 401. Maybe I'm missing
> some kind of initialization here? Otherwise I'm happy to provide this as a
> GitHub issue.
I can reproduce it. I agree there's something odd, as it means that
there is some random matching or that something is not properly
initialized. I suspect that a vars field isn't properly initialized
somewhere. I'm investigating, thanks for the report!
Willy
Re: [PATCH] CLEANUP: cli/activity: Remove double spacing in set profiling
On Mon, May 10, 2021 at 03:52:26PM -0400, Daniel Corbett wrote:
> It was found that when viewing the help output from the CLI that
> "set profiling" had 2 spaces in it, which was pushing it out from
> the rest of similar commands.
>
> i.e. it looked like this:
> prepare acl
> prepare map
> set profiling{auto|on|off}
> set dynamic-cookie-key backend
> set map [|#]
> set maxconn frontend
Ah yes you're right. I noticed it before the sorting of the help and
left it as I found that in the end it used to align the words with
the previous "show". But now it's pointless and disturbing.
Seeing that we're discussing spaces in help messages is a good hint
that there's not that much dust left :-)
Applied, thanks!
Willy
[PATCH] CLEANUP: cli/activity: Remove double spacing in set profiling
Hello,
It was found that when viewing the help output from the CLI that
"set profiling" had 2 spaces in it, which was pushing it out from
the rest of similar commands.
i.e. it looked like this:
prepare acl
prepare map
set profiling{auto|on|off}
set dynamic-cookie-key backend
set map [|#]
set maxconn frontend
This patch removes all of the double spaces within the command and
unifies them to single spacing, which is what is observed within the
rest of the commands.
Thanks,
-- Daniel
0001-CLEANUP-cli-activity-Remove-double-spacing-in-set-pr.patch
Description: Binary data
[PATCH 2/2] MINOR: uri_normalizer: Add `fragment-encode` normalizer
This normalizer encodes '#' as '%23'.
See GitHub Issue #714.
---
doc/configuration.txt | 9 +++
include/haproxy/action-t.h | 1 +
include/haproxy/uri_normalizer.h | 1 +
reg-tests/http-rules/normalize_uri.vtc | 36 +-
src/http_act.c | 22
src/uri_normalizer.c | 35 +
6 files changed, 103 insertions(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 00749e5ee..bc63f51e5 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6172,6 +6172,7 @@ http-request early-hint [ { if | unless }
]
See RFC 8297 for more information.
http-request normalize-uri [ { if | unless } ]
+http-request normalize-uri fragment-encode [ { if | unless } ]
http-request normalize-uri fragment-strip [ { if | unless } ]
http-request normalize-uri path-merge-slashes [ { if | unless } ]
http-request normalize-uri path-strip-dot [ { if | unless } ]
@@ -6210,6 +6211,14 @@ http-request normalize-uri query-sort-by-name [ { if |
unless } ]
The following normalizers are available:
+ - fragment-encode: Encodes "#" as "%23".
+
+ The "fragment-strip" normalizer should be preferred, unless it is known
+ that broken clients do not correctly encode '#' within the path
component.
+
+ Example:
+ - /#foo -> /%23foo
+
- fragment-strip: Removes the URI's "fragment" component.
According to RFC 3986#3.5 the "fragment" component of an URI should not
diff --git a/include/haproxy/action-t.h b/include/haproxy/action-t.h
index 56ac32f7f..d4fc3f6da 100644
--- a/include/haproxy/action-t.h
+++ b/include/haproxy/action-t.h
@@ -112,6 +112,7 @@ enum act_normalize_uri {
ACT_NORMALIZE_URI_PERCENT_DECODE_UNRESERVED,
ACT_NORMALIZE_URI_PERCENT_DECODE_UNRESERVED_STRICT,
ACT_NORMALIZE_URI_FRAGMENT_STRIP,
+ ACT_NORMALIZE_URI_FRAGMENT_ENCODE,
};
/* NOTE: if <.action_ptr> is defined, the referenced function will always be
diff --git a/include/haproxy/uri_normalizer.h b/include/haproxy/uri_normalizer.h
index fa5d89dd0..b384007f5 100644
--- a/include/haproxy/uri_normalizer.h
+++ b/include/haproxy/uri_normalizer.h
@@ -26,6 +26,7 @@ static inline enum uri_normalizer_err
uri_normalizer_fragment_strip(const struct
return URI_NORMALIZER_ERR_NONE;
}
+enum uri_normalizer_err uri_normalizer_fragment_encode(const struct ist input,
struct ist *dst);
enum uri_normalizer_err uri_normalizer_percent_decode_unreserved(const struct
ist input, int strict, struct ist *dst);
enum uri_normalizer_err uri_normalizer_percent_upper(const struct ist input,
int strict, struct ist *dst);
enum uri_normalizer_err uri_normalizer_path_dot(const struct ist path, struct
ist *dst);
diff --git a/reg-tests/http-rules/normalize_uri.vtc
b/reg-tests/http-rules/normalize_uri.vtc
index 792bea5d4..7e2d7491f 100644
--- a/reg-tests/http-rules/normalize_uri.vtc
+++ b/reg-tests/http-rules/normalize_uri.vtc
@@ -8,7 +8,7 @@ feature ignore_unknown_macro
server s1 {
rxreq
txresp
-} -repeat 66 -start
+} -repeat 70 -start
haproxy h1 -conf {
global
@@ -137,6 +137,18 @@ haproxy h1 -conf {
default_backend be
+frontend fe_fragment_encode
+bind "fd@${fe_fragment_encode}"
+
+http-request set-var(txn.before) url
+http-request normalize-uri fragment-encode
+http-request set-var(txn.after) url
+
+http-response add-header before %[var(txn.before)]
+http-response add-header after %[var(txn.after)]
+
+default_backend be
+
backend be
server s1 ${s1_addr}:${s1_port}
@@ -500,3 +512,25 @@ client c9 -connect ${h1_fe_fragment_strip_sock} {
expect resp.http.before == "*"
expect resp.http.after == "*"
} -run
+
+client c10 -connect ${h1_fe_fragment_encode_sock} {
+txreq -url "/#foo"
+rxresp
+expect resp.http.before == "/#foo"
+expect resp.http.after == "/%23foo"
+
+txreq -url "/#foo/#foo"
+rxresp
+expect resp.http.before == "/#foo/#foo"
+expect resp.http.after == "/%23foo/%23foo"
+
+txreq -url "/%23foo"
+rxresp
+expect resp.http.before == "/%23foo"
+expect resp.http.after == "/%23foo"
+
+txreq -req OPTIONS -url "*"
+rxresp
+expect resp.http.before == "*"
+expect resp.http.after == "*"
+} -run
diff --git a/src/http_act.c b/src/http_act.c
index 5eeba631b..a92e5674c 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -329,6 +329,23 @@ static enum act_return http_action_normalize_uri(struct
act_rule *rule, struct p
err = uri_normalizer_fragment_strip(path, );
+ if (err != URI_NORMALIZER_ERR_NONE)
+ break;
+
+ if (!http_replace_req_path(htx, newpath, 1))
+ goto fail_rewrite;
+
+ break;
+ }
+
[PATCH 1/2] MINOR: uri_normalizer: Add `fragment-strip` normalizer
This normalizer strips the URI's fragment component which should never be sent
to the server.
See GitHub Issue #714.
---
doc/configuration.txt | 12 ++
include/haproxy/action-t.h | 1 +
include/haproxy/uri_normalizer.h | 8 +++
reg-tests/http-rules/normalize_uri.vtc | 31 +-
src/http_act.c | 22 ++
5 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 964bc04ce..00749e5ee 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6172,6 +6172,7 @@ http-request early-hint [ { if | unless }
]
See RFC 8297 for more information.
http-request normalize-uri [ { if | unless } ]
+http-request normalize-uri fragment-strip [ { if | unless } ]
http-request normalize-uri path-merge-slashes [ { if | unless } ]
http-request normalize-uri path-strip-dot [ { if | unless } ]
http-request normalize-uri path-strip-dotdot [ full ] [ { if | unless }
]
@@ -6209,6 +6210,17 @@ http-request normalize-uri query-sort-by-name [ { if |
unless } ]
The following normalizers are available:
+ - fragment-strip: Removes the URI's "fragment" component.
+
+ According to RFC 3986#3.5 the "fragment" component of an URI should not
+ be sent, but handled by the User Agent after retrieving a resource.
+
+ This normalizer should be applied first to ensure that the fragment is
+ not interpreted as part of the request's path component.
+
+ Example:
+ - /#foo -> /
+
- path-strip-dot: Removes "/./" segments within the "path" component
(RFC 3986#6.2.2.3).
diff --git a/include/haproxy/action-t.h b/include/haproxy/action-t.h
index 5b9f543ae..56ac32f7f 100644
--- a/include/haproxy/action-t.h
+++ b/include/haproxy/action-t.h
@@ -111,6 +111,7 @@ enum act_normalize_uri {
ACT_NORMALIZE_URI_PERCENT_TO_UPPERCASE_STRICT,
ACT_NORMALIZE_URI_PERCENT_DECODE_UNRESERVED,
ACT_NORMALIZE_URI_PERCENT_DECODE_UNRESERVED_STRICT,
+ ACT_NORMALIZE_URI_FRAGMENT_STRIP,
};
/* NOTE: if <.action_ptr> is defined, the referenced function will always be
diff --git a/include/haproxy/uri_normalizer.h b/include/haproxy/uri_normalizer.h
index 06f237e45..fa5d89dd0 100644
--- a/include/haproxy/uri_normalizer.h
+++ b/include/haproxy/uri_normalizer.h
@@ -18,6 +18,14 @@
#include
+/* Cuts the input at the first '#'. */
+static inline enum uri_normalizer_err uri_normalizer_fragment_strip(const
struct ist input, struct ist *dst)
+{
+ *dst = iststop(input, '#');
+
+ return URI_NORMALIZER_ERR_NONE;
+}
+
enum uri_normalizer_err uri_normalizer_percent_decode_unreserved(const struct
ist input, int strict, struct ist *dst);
enum uri_normalizer_err uri_normalizer_percent_upper(const struct ist input,
int strict, struct ist *dst);
enum uri_normalizer_err uri_normalizer_path_dot(const struct ist path, struct
ist *dst);
diff --git a/reg-tests/http-rules/normalize_uri.vtc
b/reg-tests/http-rules/normalize_uri.vtc
index 42c4c428b..792bea5d4 100644
--- a/reg-tests/http-rules/normalize_uri.vtc
+++ b/reg-tests/http-rules/normalize_uri.vtc
@@ -8,7 +8,7 @@ feature ignore_unknown_macro
server s1 {
rxreq
txresp
-} -repeat 63 -start
+} -repeat 66 -start
haproxy h1 -conf {
global
@@ -125,6 +125,18 @@ haproxy h1 -conf {
default_backend be
+frontend fe_fragment_strip
+bind "fd@${fe_fragment_strip}"
+
+http-request set-var(txn.before) url
+http-request normalize-uri fragment-strip
+http-request set-var(txn.after) url
+
+http-response add-header before %[var(txn.before)]
+http-response add-header after %[var(txn.after)]
+
+default_backend be
+
backend be
server s1 ${s1_addr}:${s1_port}
@@ -471,3 +483,20 @@ client c8 -connect
${h1_fe_percent_decode_unreserved_strict_sock} {
rxresp
expect resp.status == 400
} -run
+
+client c9 -connect ${h1_fe_fragment_strip_sock} {
+txreq -url "/#foo"
+rxresp
+expect resp.http.before == "/#foo"
+expect resp.http.after == "/"
+
+txreq -url "/%23foo"
+rxresp
+expect resp.http.before == "/%23foo"
+expect resp.http.after == "/%23foo"
+
+txreq -req OPTIONS -url "*"
+rxresp
+expect resp.http.before == "*"
+expect resp.http.after == "*"
+} -run
diff --git a/src/http_act.c b/src/http_act.c
index b8413f331..5eeba631b 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -312,6 +312,23 @@ static enum act_return http_action_normalize_uri(struct
act_rule *rule, struct p
err = uri_normalizer_percent_decode_unreserved(path,
rule->action == ACT_NORMALIZE_URI_PERCENT_DECODE_UNRESERVED_STRICT, );
+ if (err != URI_NORMALIZER_ERR_NONE)
+ break;
+
+ if (!http_replace_req_path(htx, newpath, 1))
+ goto
[PR] Correct example reload command in the document
Dear list! Author: varnav Number of patches: 1 This is an automated relay of the Github pull request: Correct example reload command in the document Patch title(s): Correct example reload command in the document Link: https://github.com/haproxy/haproxy/pull/1245 Edit locally: wget https://github.com/haproxy/haproxy/pull/1245.patch && vi 1245.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1245.patch | git am - Description: Current example is: `echo "reload" | socat /var/run/haproxy- master.sock` it will cause socat error: `exactly 2 addresses required (there are 1); use option "-h" for help` Correct working command is: `echo "reload" | socat /var/run/haproxy-master.sock stdin` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
Inconsistent reading of txn vars from Lua script
Hello again! Here are the snippets running with 2.4-dev18 - docker image
haproxy:2.4-dev18-alpine:
$ cat h.cfg
global
log stdout format raw local0
lua-load /tmp/h/svc1.lua
lua-load /tmp/h/svc2.lua
defaults
timeout server 1m
timeout client 1m
timeout connect 5s
log global
listen l
mode http
bind :8000
option httplog
http-request lua.auth
http-request use-service lua.send-failure
$ cat svc1.lua
core.register_action("auth", { "http-req" }, function(txn)
txn:set_var("txn.code", 401, true)
end, 0)
$ cat svc2.lua
core.register_service("send-failure", "http", function(applet)
response = applet:get_var("txn.code")
if response ~= nil then
applet:set_status(response)
else
applet:set_status(403)
end
applet:add_header("Content-Length", 0)
applet:add_header("Content-Type", "text/plain")
applet:start_response()
end)
Now curl’ing the config above:
$ curl -i localhost:8000
HTTP/1.1 403 Forbidden
content-type: text/plain
content-length: 0
$ curl -i localhost:8000
HTTP/1.1 401 Unauthorized
content-type: text/plain
content-length: 0
The first run is always a 403 which means that the reading of the txn.code
retuned nil, all the next attempts correctly returns 401. Maybe I’m missing
some kind of initialization here? Otherwise I’m happy to provide this as a
GitHub issue.
~jm
Re: [ANNOUNCE] haproxy-2.4-dev19
Hi Tim, On Mon, May 10, 2021 at 10:48:38AM +0200, Tim Düsterhus wrote: > As this is expected to be the last "release candidate" I just threw > 2.4-dev19 onto one of our HAProxy machines: > > > # > > 3932master 0 *snip* > > *snip* 2.4~dev19-1# workers > > 15082 worker 1 0 > > 0d00h00m12s 2.4~dev19-1# old workers > > 10384 worker [was: 1]1 *snip* > > 2.3.10-1~bpo10+1 > > # programs > > Let's see how that goes :-) Hehe, thanks for joining the effort! > > So if you still have a comment to formulate, hurry up! > > I dropped the ball on the normalizers a bit due to other work, I'm sorry > about that. I plan to send two patches for 'fragment-strip' and > 'fragment-encode' tonight (based off our private exchange). I expect these > to be safe, as the feature is marked experimental and clearly separated. OK, thanks for letting me know. Willy
Re: [ANNOUNCE] haproxy-2.4-dev19
Willy, On 5/10/21 8:50 AM, Willy Tarreau wrote: I really don't expect any more significant changes being applied before the release now, so we'll focus on cosmetic updates, doc and build tests on various platforms. I'll add a few CPU entries in the Makefile to ease building on modern ARM platforms and recheck the docs aimed at newcomers (contributing, reporting issues etc). Unless a huge bug falls in front of us blocking any progress, I think we'll release this week, ideally on Friday morning so that those in search of a distraction for their boring Friday afternoon have something to play with :-) As this is expected to be the last "release candidate" I just threw 2.4-dev19 onto one of our HAProxy machines: # 3932master 0 *snip* *snip* 2.4~dev19-1 # workers 15082 worker 1 0 0d00h00m12s 2.4~dev19-1 # old workers 10384 worker [was: 1]1 *snip* 2.3.10-1~bpo10+1 # programs Let's see how that goes :-) So if you still have a comment to formulate, hurry up! I dropped the ball on the normalizers a bit due to other work, I'm sorry about that. I plan to send two patches for 'fragment-strip' and 'fragment-encode' tonight (based off our private exchange). I expect these to be safe, as the feature is marked experimental and clearly separated. Best regards Tim Düsterhus
[PATCH] spell check fixes
Hello,
yet another spell check improvements.
Ilya
From 58ea7d81c586a609aa7bdea44d0c33a7de500fda Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin
Date: Mon, 10 May 2021 12:50:00 +0500
Subject: [PATCH 2/2] CLEANUP: assorted typo fixes in the code and comments
This is 23rd iteration of typo fixes
---
doc/configuration.txt | 2 +-
src/activity.c| 4 ++--
src/haproxy.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 964bc04ce..a716c3481 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12247,7 +12247,7 @@ tcp-request content [{if | unless} ]
"tcp-request content" rules are not evaluated. This upgrade method should be
preferred to the implicit one consisting to rely on the backend mode. When
used, it is possible to set HTTP directives in a frontend without any
- warning. These directives will be conditionaly evaluated if the HTTP upgrade
+ warning. These directives will be conditionally evaluated if the HTTP upgrade
is performed. However, an HTTP backend must still be selected. It remains
unsupported to route an HTTP connection (upgraded or not) to a TCP server.
diff --git a/src/activity.c b/src/activity.c
index 179ff1f32..ec230da82 100644
--- a/src/activity.c
+++ b/src/activity.c
@@ -112,7 +112,7 @@ static __attribute__((noreturn)) void memprof_die(const char *msg)
* Worse, we have to account for the risk of reentrance from dlsym() when
* it tries to prepare its error messages. Here its ahndled by in_memprof
* that makes allocators return NULL. dlsym() handles it gracefully. An
- * alternate approch consists in calling aligned_alloc() from these places
+ * alternate approach consists in calling aligned_alloc() from these places
* but that would mean not being able to intercept it later if considered
* useful to do so.
*/
@@ -411,7 +411,7 @@ static int cli_parse_set_profiling(char **args, char *payload, struct appctx *ap
}
if (strcmp(args[2], "tasks") != 0)
- return cli_err(appctx, "Expects etiher 'tasks' or 'memory'.\n");
+ return cli_err(appctx, "Expects either 'tasks' or 'memory'.\n");
if (strcmp(args[3], "on") == 0) {
unsigned int old = profiling;
diff --git a/src/haproxy.c b/src/haproxy.c
index c13beb487..1fd4a6be6 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2623,7 +2623,7 @@ void run_poll_loop()
int i;
if (stopping) {
-/* stop muxes before acknowleding stopping */
+/* stop muxes before acknowledging stopping */
if (!(stopping_thread_mask & tid_bit)) {
task_wakeup(mux_stopping_data[tid].task, TASK_WOKEN_OTHER);
wake = 1;
--
2.31.1
From 58064260ab0f4b65bad595e9e987d4d4223016a0 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin
Date: Mon, 10 May 2021 12:45:18 +0500
Subject: [PATCH 1/2] CI: extend spellchecker whitelist, add "ists" as well
codespell does not handle plurals, we already whitelusted "ist", let us
whitelist "ists" as well
---
.github/workflows/codespell.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index c2130ebf9..de49f4343 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,4 +14,4 @@ jobs:
- name: install prerequisites
run: sudo pip install codespell
- name: check
- run: codespell -c -q 2 --ignore-words-list ist,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen --skip="CHANGELOG,Makefile,*.fig,*.pem"
+ run: codespell -c -q 2 --ignore-words-list ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen --skip="CHANGELOG,Makefile,*.fig,*.pem"
--
2.31.1
[ANNOUNCE] haproxy-2.4-dev19
Hi, HAProxy 2.4-dev19 was released on 2021/05/10. It added 155 new commits after version 2.4-dev18. It took longer than I expected because of late discoveries of some monstrosities with the includes which are responsible for the long build times. When you see that the task scheduler or arguments parser implicitly include openssl and resulted in 41k lines having to be compiled, that's quite annoying. At least now I figured the root cause. It's because openssl uses typedefs to define types, and doing so prevents one from using forward declaration of incomplete types, forcing all struct members that require a pointer to include the file (these are in struct server and struct listener, so virtually everywhere). On the forthcoming week I'll still look if a cleaner cut is possible between the include files, othrewise we'll defer this to 2.5. With that aside, I think we're done, with everything planed having been completed by the end of last week. Among the user-visible changes, here's what I'm having in mind in random order: - CLI: fixed a memory leak on write errors. Also the "help" output was re-aligned and sorted for better legibility. Larger lines allowed to report the usage syntax that most commands were missing. - experimental commands/directives: using experimental directives in the configuration will require an opt-in by placing the directive "expose-experimental-directives" in the global section. The goal is to make sure that random copy-paste from blogs doesn't result in users being exposed without being aware of it. For now this affects the "tune.fd.edge-triggered" global option and "http-request normalize-uri" action. - use of declaration and execution of experimental or expert features is reported with a new "tainted" flag reported in "show info", that should primarily help developers know if anything dangerous or less known was done on the process, but could also possibly help an admin figure that someone used some tricky commands on the CLI. - the spelling inconsistencies between "haproxy/Haproxy/HAproxy/HA-Proxy" etc were (hopefully) all addressed, including the one that appears in "haproxy -v" that I already forgot to fix before previous release. - the "abortonclose" option was fixed for HTTP/1, as in some cases the mux wouldn't try to read anymore thus wouldn't detect a client close. - an optional memory profiler was added to detect where memory is used. It's enabled by "set profiling memory on" on the CLI and consulted using "show profiling memory". It shows the number of allocations and releases per caller as well as their size. It's interesting to watch when using external libs like openssl or Lua. It works well on Linux and glibc, I managed to get it to build and work on FreeBSD as well, though with a bit less visibility for now. It uses very little resources so I wanted to have it merged so that in the future we could ask some issue reporters to enable it. - idle frontend connections will now be closed on reload. Till now they could only be closed when after receiving and processing a new request, forcing many users to add a hard-stop-after directive. Now for the vast majority of users this should be cleaner and the old process should disappear much faster. - on reload, idle backend connections were not explicitly closed, resulting in a "normal" death when the process exited. This used to cause some TIME_WAIT sockets to be left, consuming source ports for a long time. In some environments it's a problem. Now there's an explicit kill of these connections when quitting so as not to leave such entries lying around. - the "ALERT/WARNING/NOTICE/DIAG" output messages in foreground were cleaned up to drop the unused time code and to align them so that they read better. - the .if/.elif config directives now support a few predicates to isolate a config block. The strict minimum was done to help with migrations, test configs for developers, and more portable regtests in the future. We currently have "version_atleast()" and "version_before()" which test for the current version being at least or before the mentioned one, "feature()" to test for a feature to appear in the "Feature list" of "haproxy -vv", "streq()" and "strneq()" to test for string equality or difference, and "defined()" to test for the existence of an environment variable. I think that some of us will stop modifying their test configs 10 times a day to enable/disable SSL or PROMEX for example, and that we won't replace as many VTCs between 2.4 and 2.5 as we replaced between 2.3 and 2.4. - the diagnostic mode (-dD) will not complain anymore about peers having a zero weight, and will also report annotations left by the admin using the new ".diag" config directive. - "show info" now supports an optional "float"
