tproxy bug in haproxy-1.5.10

2015-01-14 Thread U.Mutlu
Hi, I wanted to report a nasty bug I discovered today: Port forwarding to a different IP on the same haproxy-box causes haproxy to behave buggily. This error happens when one uses the TPROXY target for port forwarding, i.e. like this: Let's say the IP of the main interface is 192.168.100.100, and

Cookie persistence - what I am I doing wrong?

2015-01-14 Thread Shawn Heisey
I'm trying to ensure that multiple connections from the same browser end up on the same back end server, and having lots of trouble. All my work with haproxy up to now has been with connections that don't need persistence - everything relevant happens in one http request. This is probably PEBCAK

Re: Cookie persistence - what I am I doing wrong?

2015-01-14 Thread Cyril Bonté
Hi Shawn, On 15/01/2015 01:59, Shawn Heisey wrote: I'm trying to ensure that multiple connections from the same browser end up on the same back end server, and having lots of trouble. All my work with haproxy up to now has been with connections that don't need persistence - everything

Re: Haproxy SSL Redirection issue

2015-01-14 Thread RAKESH P B
Hi Cyrill, Thanks for the update. In Application side we are not using any SSL offloading. I have tested with pound (for ssl termination) haproxy (for load balancing) combination and issue got resolved. But if I tried with haproxy only, then getting the issue. I think there is some

Round Robin not very random

2015-01-14 Thread Alexey Zilber
Hi All, We got hit with a bit of traffic and we saw haproxy dump most of the traffic to 3-4 app servers, sometimes even just one and driving load on there to 90. We were running 1.5.9, I upgraded to 1.5.10 and the same problem remained. Currently traffic is low so everything is load balanced

Send specific string on TCP

2015-01-14 Thread Hoggins!
Hello folks, I'd like to use the proxy / webirc feature of ngIRCd. For that, it is required that the proxy sends the following command at the beginning of the communication: WEBIRC password username hostname ip-address (see http://ngircd.barton.de/doc/Protocol.txt, section II.4) How can I

Re: Haproxy SSL Redirection issue

2015-01-14 Thread Cyril Bonté
Hi, On 15/01/2015 03:59, RAKESH P B wrote: Hi Cyrill, Thanks for the update. In Application side we are not using any SSL offloading. I have tested with pound (for ssl termination) haproxy (for load balancing) combination and issue got resolved. I guess you have RewriteLocation 0 in

No TCP RST on tcp-request connection reject

2015-01-14 Thread Christian Ruppert
Hey guys, just a thought... wouldn't it make sense to add an option to tcp-request connection reject to disable the actual TCP RST? So, an attacker tries to (keep) open a lot of ports: a) HAProxy (configured with rate limiting etc.) does a tcp-request connection reject which ends up as a TCP

Re: No TCP RST on tcp-request connection reject

2015-01-14 Thread Baptiste
On Wed, Jan 14, 2015 at 5:00 PM, Christian Ruppert c.rupp...@babiel.com wrote: Hey guys, just a thought... wouldn't it make sense to add an option to tcp-request connection reject to disable the actual TCP RST? So, an attacker tries to (keep) open a lot of ports: a) HAProxy (configured with

Re: No TCP RST on tcp-request connection reject

2015-01-14 Thread Christian Ruppert
Hi Baptiste, tarpit is pretty handy but as far as I understood it will keep the connection open, on both sides. So at some point (pretty quickly actually) we cannot handle any more connections on that host. The host will become slow and/or unresponsive. When we close the connection on our local