Re: Is it possible to capture the body of http responses?

2021-09-13 Thread Ryan Burn 
On Thu, Sep 9, 2021 at 12:22 AM Christopher Faulet 
wrote:

> Le 8/11/21 à 2:53 AM, Ryan Burn a écrit :
> > I'm working on integrating HAProxy with traceable.ai <
> http://traceable.ai>'s
> > security product.
> >
> > As part of the integration, we'd like to capture the contents of any
> http
> > responses processed by HAProxy and send them to a service either via
> SPOA or an
> > RPC call from Lua. The response contents are used by the product to help
> > identify possible security threats.
> >
> > I've tried a few things, but haven't found a reliable way to capture the
> > contents of response bodies. Is this possible with HAProxy?
> >
> > Here are the approaches I've explored so far:
> >
> > 1. I used the "res.body" fetch but that only provides the contents
> sometimes (I
> > presume if it's available in a buffer):
> >
> https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/extcap.conf#L19
> > <
> https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/extcap.conf#L19
> >
> >
> > 2. I also tried accessing the contents of the response channel from a
> Lua
> > action, but that fails with "Cannot manipulate HAProxy channels in HTTP
> mode"
> >
> https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/response.lua#L5
> > <
> https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/response.lua#L5
> >
>
>
> About the sample fetches, on HAProxy 2.3 and lower, there is no way to get
> the
> response payload because it is not possible to wait for it. There is no
> equivalent to the "http-buffer-request" option on the response side. On
> HAProxy-2.4, it is possible by using "wait-for-body" HTTP rule, available
> on the
> request and the response side. However, it is still limited by the buffer
> size.
>

Thanks Christopher! Do you know how to access the response body from a SPOA
if you add the "wait-for-body"?

I added the wait-for-proxy rules to my example project, but the "res.body"
argument still doesn't consistently provide the full body.
https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/haproxy.cfg#L15-L16

Re: [PATCH] BUILD: opentracing: excluded use of haproxy variables for, OpenTracing context

2021-09-13 Thread Miroslav Zagorac 

Hello Tim,

On 09/11/2021 12:09 AM, Tim Düsterhus wrote:

The programming style in OT is not what I'm used to, but if I understand
it correctly then maybe istmatchi() is what you are searching for (it
matches prefixes which should be what you are doing manually)?



yes, this function could be used instead of strncasecmp().  However, it
doesn't seem optimized to me and is certainly faster than strncasecmp()
for simple cases for strings where the difference is right at the
beginning.  Already after comparing strings longer than 4 characters
(and the first 4 are the same), the function is slower than
strncasecmp() and the duration of the function increases rapidly while
the processing time of the function strncasecmp() is quite stable).

I’m not writing this to start some deeper discussion, this is purely
informative.  :)

Best regards,

--
Miroslav Zagorac
Senior Developer

Analyse the features of your website - Haproxy.com

2021-09-13 Thread Andrew Peng 
Hello,

I was on Haproxy.com.

What I think, there are a few things you could implement pretty quickly
that would help boost your Google rankings, organic traffic and conversions.

A major part includes enhancing social presence Enhance Facebook likes,
speed up twitter followers, YouTube viewers, Followers over on Instagram.

Is this of interest? Please.

Andrew Peng.
(304) 489-2271