Re: haproxy indefinitely delays the delivery of small http chunks with slz

2023-06-27 Thread Willy Tarreau
Hi Robert,

On Tue, Jun 27, 2023 at 01:19:20PM +0100, Robert Newson wrote:
> Hi,
> 
> I'm happy to confirm the two patches combined address the symptom I reported
> at the start of the thread. I applied them to haproxy.git master after
> confirming that the problem occurred there for a realistic setup (couchdb
> with HAProxy in front configured to do compression).

Excellent, thanks! I'll merge them both to the libslz project and to
haproxy.

> The CouchDB project are considering adding a WebSocket option for this
> endpoint in light of the re-realisation that we've been living in HTTP sin
> this whole time.

Yes, that would be nice indeed! I don't know if you could benefit from
this, but in addition, with WebSocket you'd get fully interactive and
bidirectional communication, which may allow the client to send extra
requests or interrupt the processing, etc. Also, WS will work both over
HTTP/1 and HTTP/2 and might permit coalescing multiple connections
into a single one with multiple streams if there's any benefit in doing
this.

> Your patches are most welcome as they mean users can keep doing what they've
> always been doing and can upgrade HAProxy without having to make any change.

Yeah, I'll ensure we can backport them so that it continues to work
transparently. Please just remind your users that they should be using
"option http-no-delay" for what they're doing. It's very possible it
will improve latency for them even on older versions, and may avoid
similar issues in the future.

> In the long term CouchDB will work towards providing an alternative method
> that doesn't depend on the timely delivery of partial messages.
> 
> Thank you again for your efforts, it is very much appreciated.

You're welcome. It's always a pleasure to be able to improve the code
base to cover some real-world limitations, especially when this grants
more time to address these limitations cleanly for the long term. It's
always better than stacking ugly emergency workarounds :-)

Cheers,
Willy



Re: School Districts Contacts 2023

2023-06-27 Thread Nevaeh Rose
Hi there,
We are excited to offer you a comprehensive email list of school districts that 
includes key contact information such as phone numbers, email addresses, 
mailing addresses, company revenue, size, and web addresses. Our databases also 
cover related industries such as:

  *   K-12 schools
  *   Universities
  *   Vocational schools and training programs
  *   Performing arts schools
  *   Fitness centers and gyms
  *   Child care services and providers
  *   Educational publishers and suppliers
If you're interested, we would be happy to provide you with relevant counts and 
a test file based on your specific requirements.
Thank you for your time and consideration, and please let us know if you have 
any questions or concerns.

Best regards,

Nevaeh Rose



To remove from this mailing reply with the subject line " LEAVE US".



Re: haproxy indefinitely delays the delivery of small http chunks with slz

2023-06-27 Thread Robert Newson
Hi,

I'm happy to confirm the two patches combined address the symptom I reported at 
the start of the thread. I applied them to haproxy.git master after confirming 
that the problem occurred there for a realistic setup (couchdb with HAProxy in 
front configured to do compression).

The CouchDB project are considering adding a WebSocket option for this endpoint 
in light of the re-realisation that we've been living in HTTP sin this whole 
time.

Your patches are most welcome as they mean users can keep doing what they've 
always been doing and can upgrade HAProxy without having to make any change. In 
the long term CouchDB will work towards providing an alternative method that 
doesn't depend on the timely delivery of partial messages.

Thank you again for your efforts, it is very much appreciated.

B.

> On 26 Jun 2023, at 18:50, Willy Tarreau wrote:
> 
> Hi Robert,
> 
> On Sat, Jun 24, 2023 at 09:48:31PM +0100, Robert Newson wrote:
>> Hi,
>> 
>> That sounds great, much appreciated. I'll be available all week to test any
>> patches you might propose.
> 
> I gave it a try. There was already a flush call in the data block
> processing (I don't know why, to be honest; I'd rather condition it on
> low latency, but let's not mix things for now). So I implemented a
> flush() operation for slz and added a call to it in haproxy.
> 
> I'd be interested if you could test the two attached patches. They're
> for 2.9-dev but will likely apply to 2.8 and probably even a number of
> older releases since this part doesn't change often. My tests were
> fairly limited, I just verified that compressing a large file (200 MB)
> directly with slz while injecting flushes after each read() continues
> to produce the valid data, and that the regtests are still OK (a few
> of them do use the compression).
> 
> Thanks,
> Willy
> <0001-IMPORT-slz-implement-a-synchronous-flush-operation.patch><0002-WIP-compression-slz-support-just-a-pure-flush.patch>
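
The buffering problem this thread is about, as an added example that is not part of the thread and not code from haproxy or libslz: Python's zlib stands in for slz, and the ten JSON lines are constructed input, not real CouchDB output. It pushes small chunks through one deflate stream twice, once with no flush between chunks and once with a sync flush after each, and decodes the output piece by piece the way a client reading the socket would. It shows why a compressor without a flush operation holds small partial messages back until enough data accumulates, even though the finished stream is perfectly valid, and what a per-chunk flush (the operation Willy describes adding to slz) changes.

```python
import zlib

# Constructed sample input: ten small JSON lines, one per write(), standing in
# for the kind of partial messages a CouchDB feed emits. Not real CouchDB output.
CHUNKS = [('{"seq":%d,"id":"doc%d"}\n' % (i, i)).encode() for i in range(1, 11)]

RAW_DEFLATE = -15  # negative wbits: raw deflate, no zlib/gzip header bytes


def stream_compress(chunks, sync_flush):
    """Push chunks through one deflate stream (zlib stands in for slz here).

    Returns (pieces, tail): pieces[i] is the compressed output the compressor
    handed back while processing chunks[i]; tail is what Z_FINISH emits at the
    end of the stream.
    """
    comp = zlib.compressobj(wbits=RAW_DEFLATE)
    pieces = []
    for chunk in chunks:
        out = comp.compress(chunk)  # with Z_NO_FLUSH a small chunk stays buffered
        if sync_flush:
            # Z_SYNC_FLUSH terminates the current block and emits an empty stored
            # block, so everything fed so far becomes decodable on the wire.
            out += comp.flush(zlib.Z_SYNC_FLUSH)
        pieces.append(out)
    return pieces, comp.flush(zlib.Z_FINISH)


def bytes_visible_per_chunk(chunks, sync_flush):
    """Decode piece by piece, as a client reading the socket would, and return
    how many plaintext bytes are recoverable after each chunk was forwarded."""
    pieces, _tail = stream_compress(chunks, sync_flush)
    decomp = zlib.decompressobj(wbits=RAW_DEFLATE)
    seen = b""
    visible = []
    for piece in pieces:
        seen += decomp.decompress(piece)
        visible.append(len(seen))
    return visible


def cumulative_sizes(chunks):
    """Plaintext bytes a client should have after each chunk if nothing is held back."""
    total, sizes = 0, []
    for chunk in chunks:
        total += len(chunk)
        sizes.append(total)
    return sizes


def roundtrip_ok(chunks, sync_flush):
    """Both modes yield a valid stream once finished; only the timing differs."""
    pieces, tail = stream_compress(chunks, sync_flush)
    return zlib.decompress(b"".join(pieces) + tail, RAW_DEFLATE) == b"".join(chunks)


if __name__ == "__main__":
    print("no flush   :", bytes_visible_per_chunk(CHUNKS, sync_flush=False))
    print("sync flush :", bytes_visible_per_chunk(CHUNKS, sync_flush=True))
    print("expected   :", cumulative_sizes(CHUNKS))
```

Without the flush the client has zero readable bytes after every one of the ten writes, although the stream decodes correctly once it is finished: that is the "indefinitely delayed" symptom, and a feed that never finishes never becomes readable. With a sync flush per write each chunk is readable as soon as it is forwarded, at the cost of a few framing bytes per chunk, which is the price of low latency on a feed like this.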




Re: VULNERABILITY REPORT Email Spoofing Due to Weak SPF

2023-06-27 Thread Muhammad Umar
*Hi There Team,*
*Hope you are doing well,*

Kindly update me regarding this vulnerability and I am hoping for a bug
bounty from you for sending this vulnerability ethically to you.

*Best,*

On Sat, Jun 10, 2023 at 12:37 AM Muhammad Umar wrote:

> I am a security researcher and I have found this vulnerability on your
> website https://www.haproxy.org/.
>
> Description:
>
> This report is about a misconfigured SPF record flag, which can be used to
> abuse the organization by posing as its identity, allowing fake mailing on
> behalf of respected organizations.
>
> About the Issue:
>
> As I have seen, the SPF TXT record for haproxy.org is:
>
> v=spf1 mx ~all
>
> As you can see, the last symbol, the tilde (~all), is the issue; it should
> be replaced by a hyphen (-all).
>
> So the valid record will look like:
>
> v=spf1 mx -all
>
> What's the issue:
>
> As you can see in the article on the difference between Softfail and Fail,
> you should be using Fail, as Softfail allows anyone to send spoofed emails
> from your domains.
>
> In the current SPF record you should replace ~ with - before "all"; - is
> strict, which prevents all spoofed emails unless you are the one sending.
>
> Attack Scenario:
>
> An attacker will send a phishing mail or any other malicious mail to the
> victim from haproxy@formilux.org. Even if the victim is aware of phishing
> attacks, he will check the origin email, which will be haproxy@formilux.org,
> so he will be sure that it is not a fake mail and get trapped by the attacker!
>
> This can be done using any PHP mailer tool like this:
>
> <?php
> // mail() passes the From: header through exactly as supplied; nothing in
> // this script checks it.
> $to = "vic...@example.com";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
> $headers = "From: haproxy@formilux.org";
>
> mail($to, $subject, $txt, $headers);
> ?>
>
> *Regards,*
> *Muhammad Umar*
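
The record quoted in the report, as an added example that is not part of the report and not haproxy project code: a minimal SPF evaluator in Python run against a constructed DNS table (example.org, mail.example.org and 192.0.2.10 are documentation names and addresses, not haproxy.org's real records), showing the result a receiving MTA computes for a given connecting IP under `~all` versus `-all`. Per RFC 7208 the check is applied to the SMTP envelope sender (MAIL FROM) and HELO identity, not to the From: header that the PHP snippet above sets, and the result (pass, fail, softfail, neutral, none) is handed to the receiver's own policy. The evaluator covers only the all, ip4, ip6, a and mx mechanisms; include, redirect, exists and ptr are not implemented and never match.

```python
import ipaddress

# Constructed DNS data for this example only; not the real records of any domain.
FAKE_DNS = {
    ("example.org", "TXT"): ["v=spf1 mx ~all"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.10"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in resolver: answers only from FAKE_DNS."""
    return FAKE_DNS.get((name.lower(), rtype), [])


def parse_spf(record):
    """Split 'v=spf1 ...' into (result_if_matched, mechanism, argument) triples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # RFC 7208: an unqualified mechanism means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((QUALIFIERS[qualifier], mech.lower(), arg))
    return parsed


def host_addresses(name):
    return [ipaddress.ip_address(a) for a in lookup(name, "A")]


def mechanism_matches(ip, mech, arg, domain):
    """Subset of RFC 7208 mechanisms: all, ip4, ip6, a, mx (no CIDR suffix on
    a/mx; include, exists, ptr and modifiers are ignored). Unknown terms never match."""
    if mech == "all":
        return True
    if mech in ("ip4", "ip6"):
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return ip in host_addresses(arg or domain)
    if mech == "mx":
        return any(ip in host_addresses(mx) for mx in lookup(arg or domain, "MX"))
    return False


def check_host(ip, domain, record=None):
    """SPF check_host() for a connection from `ip` whose envelope sender
    (MAIL FROM) is in `domain`. `record` overrides the TXT lookup so a
    proposed record can be evaluated before it is published."""
    ip = ipaddress.ip_address(ip)
    if record is None:
        spf = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
        if not spf:
            return "none"
        record = spf[0]
    for result, mech, arg in parse_spf(record):
        if mechanism_matches(ip, mech, arg, domain):
            return result
    return "neutral"  # end of record without a match


if __name__ == "__main__":
    for sender_ip in ("192.0.2.10", "198.51.100.7"):
        for rec in ("v=spf1 mx ~all", "v=spf1 mx -all"):
            print(sender_ip, rec, "->", check_host(sender_ip, "example.org", rec))
```

The MX host's address passes under either record; an unlisted address gets softfail under `~all` and fail under `-all`. Which of those results a receiver acts on, and how, is that receiver's local policy, which is why the evaluator returns the RFC result name rather than a delivery decision.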