PATCH: add ::1 to predefined LOCALHOST acl
Hi, are there any objections for adding ::1 to the LOCALHOST acl? See attached patch... Björn >From 5dcb29346e65549afdaaa035468f8d9d8c9c23ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Fri, 15 Oct 2021 16:32:15 +0200 Subject: [PATCH] MINOR: add ::1 to predefined LOCALHOST acl --- doc/configuration.txt | 2 +- src/acl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index e58d6d3e2..032ac8227 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -20638,7 +20638,7 @@ HTTP_CONTENT req.hdr_val(content-length) gt 0 match an existing content-le HTTP_URL_ABS url_reg ^[^/:]*:// match absolute URL with scheme HTTP_URL_SLASH url_beg / match URL beginning with "/" HTTP_URL_STARurl * match URL equal to "*" -LOCALHOSTsrc 127.0.0.1/8match connection from local host +LOCALHOSTsrc 127.0.0.1/8 ::1match connection from local host METH_CONNECT method CONNECTmatch HTTP CONNECT method METH_DELETE method DELETE match HTTP DELETE method METH_GET method GET HEAD match HTTP GET or HEAD method diff --git a/src/acl.c b/src/acl.c index 6d11a0b35..480dd11a8 100644 --- a/src/acl.c +++ b/src/acl.c @@ -754,7 +754,7 @@ const struct { } default_acl_list[] = { { .name = "TRUE", .expr = {"always_true",""}}, { .name = "FALSE", .expr = {"always_false",""}}, - { .name = "LOCALHOST", .expr = {"src","127.0.0.1/8",""}}, + { .name = "LOCALHOST", .expr = {"src","127.0.0.1/8","::1",""}}, { .name = "HTTP", .expr = {"req.proto_http",""}}, { .name = "HTTP_1.0", .expr = {"req.ver","1.0",""}}, { .name = "HTTP_1.1", .expr = {"req.ver","1.1",""}}, -- 2.25.1
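Review bot: The LOCALHOST row in the doc/configuration.txt hunk gains ::1, but nothing in the patch tells users that a predefined ACL now matches more than it did. Configurations that already reference LOCALHOST will start matching IPv6 loopback clients once this is applied. The commit message has only a subject line, so please add a body that states this behaviour change, and consider a short note in the documentation row or next to it.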
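Review bot: The LOCALHOST initializer in the src/acl.c hunk now holds four strings including the empty terminator, and the declaration of the expr array is outside the visible context. Please confirm the array is sized for four entries so the terminating "" is kept. The METH_GET row in the documentation hunk (method GET HEAD) suggests an entry with two patterns already exists, but the commit message should say this was checked.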
[PATCH] CLEANUP: assorted typo fixes in the code and comments
This is 27th iteration of typo fixes --- doc/configuration.txt| 2 +- include/haproxy/h3.h | 2 +- include/haproxy/mux_quic-t.h | 2 +- include/haproxy/mux_quic.h | 2 +- include/haproxy/qpack-t.h| 2 +- reg-tests/http-messaging/http_request_buffer.vtc | 4 ++-- reg-tests/ssl/ssl_errors.vtc | 2 +- src/h3.c | 4 ++-- src/hlua.c | 2 +- src/http_client.c| 6 +++--- src/xprt_quic.c | 12 ++-- 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index c242698c4..5774bf7f4 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -21273,7 +21273,7 @@ Detailed fields description : - "ssl_fc_err" is the last error of the first SSL error stack that was raised on the connection from the frontend's perspective. It might be used to detect SSL handshake errors for instance. It will be 0 if everything -went well. See the "ssl_fc_err" sample fetch's decription for more +went well. See the "ssl_fc_err" sample fetch's description for more information. - "ssl_c_err" is the status of the client's certificate verification process. diff --git a/include/haproxy/h3.h b/include/haproxy/h3.h index 4c329b8ab..e61a2d9b2 100644 --- a/include/haproxy/h3.h +++ b/include/haproxy/h3.h @@ -1,6 +1,6 @@ /* * include/haproxy/h3.h - * This file containts types for H3 + * This file contains types for H3 * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/include/haproxy/mux_quic-t.h b/include/haproxy/mux_quic-t.h index 09e0585f6..b93a8a578 100644 --- a/include/haproxy/mux_quic-t.h +++ b/include/haproxy/mux_quic-t.h @@ -1,6 +1,6 @@ /* * include/haproxy/mux_quic-t.h - * This file containts types for QUIC mux-demux. + * This file contains types for QUIC mux-demux. * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/include/haproxy/mux_quic.h b/include/haproxy/mux_quic.h index 2991e871a..332c5291a 100644 --- a/include/haproxy/mux_quic.h 
+++ b/include/haproxy/mux_quic.h @@ -1,6 +1,6 @@ /* * include/haproxy/mux_quic-t.h - * This file containts prototypes for QUIC mux-demux. + * This file contains prototypes for QUIC mux-demux. * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/include/haproxy/qpack-t.h b/include/haproxy/qpack-t.h index 832094e8e..1200eef94 100644 --- a/include/haproxy/qpack-t.h +++ b/include/haproxy/qpack-t.h @@ -1,6 +1,6 @@ /* * include/haproxy/qpack-t.h - * This file containts types for QPACK + * This file contains types for QPACK * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/reg-tests/http-messaging/http_request_buffer.vtc b/reg-tests/http-messaging/http_request_buffer.vtc index 8ed683be7..c41781425 100644 --- a/reg-tests/http-messaging/http_request_buffer.vtc +++ b/reg-tests/http-messaging/http_request_buffer.vtc @@ -87,7 +87,7 @@ client c2 -connect ${h1_fe1_sock} { } -run # Payload is fully sent in 2 steps (with a small delay, smaller than the client -# timeout) and splitted on a chunk size. +# timeout) and split on a chunk size. # ==> Request must be sent to the server. A 200 must be received client c3 -connect ${h1_fe1_sock} { send "POST /1 HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n1\r\n1\r\n1" @@ -98,7 +98,7 @@ client c3 -connect ${h1_fe1_sock} { } -run # Last CRLF of the request payload is missing but payload is sent in 2 steps -# (with a small delay, smaller than the client timeout) and splitted on a chunk +# (with a small delay, smaller than the client timeout) and split on a chunk # size. The client aborts before sending the last CRLF. # ==> Request must be handled as an error with 'CR--' termination state. client c4 -connect ${h1_fe1_sock} { diff --git a/reg-tests/ssl/ssl_errors.vtc b/reg-tests/ssl/ssl_errors.vtc index 7daf2102f..ef83e3e60 100644 --- a/reg-tests/ssl/ssl_errors.vtc +++ b/reg-tests/ssl/ssl_errors.vtc 
@@ -54,7 +54,7 @@ syslog Slg_cust_fmt -level info { barrier b1 sync -# In case of an error occuring before the certificate verification process, +# In case of an error occurring before the certificate verification process, # the client certificate chain is never parsed and verified so we can't # have information about the client's certificate. recv diff --git a/src/h3.c b/src/h3.c index fc68432f8..cd8f32d55 100644 --- a/src/h3.c +++ b/src/h3.c @@ -196,7 +196,7 @@ static int h3_decode_qcs(struct qcs *qcs, void *ctx) cs->ctx = qcs; stream_create_from_cs(cs, _buf); - /* buffer is
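Review bot: In the include/haproxy/mux_quic.h hunk, the header comment still names the file as include/haproxy/mux_quic-t.h on the line directly above the corrected "contains prototypes" line. Since this comment block is already being touched for a typo, fix the path to include/haproxy/mux_quic.h in the same patch.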
Re: compression offload and http2
On 15.10.21 10:10, Christopher Faulet wrote:
> It should work. What is your HAProxy version ?

2.4.7

Björn
TFO warnings
Hi

I have backends with `default-server tfo`. I also have `retry-on conn-failure` on every backend except one where I have `retry-on all-retryable-errors`. I still get this warning for every backend.

[WARNING] (9572) : parsing [/etc/haproxy/haproxy.cfg:332] : backend 'cookie_backend': server 'dogfight03' has tfo activated, the backend should be configured with at least 'conn-failure', 'empty-response' and 'response-timeout' or we wouldn't be able to retry the connection on failure.

Is this a bug or do I need to have `retry-on conn-failure empty-response response-timeout`? Isn't it bad to have `retry-on response-timeout`?

Thanks
Elias
Re: compression offload and http2
On 10/15/21 at 12:47 AM, Björn Jacke wrote:
> Hi,
>
> I noticed that the compression offload feature is not working with backends using h2. I couldn't find any note in the documentation that the compression offload feature is limited to http 1 only. Is it a bug that it doesn't work with http2 or is it by design and just the documentation might need some clarification here?

Hi,

It should work. What is your HAProxy version ?

--
Christopher Faulet