On 2015-10-08 18:24, Lukas Tribus wrote:
Are you sure your TLSv1.2 client is actually sending
jve.linuxwall.info as SNI value? I suggest to remove the
SNI if statement while testing the TLS ACL.
Argh... I can't count the number of times forgetting -servername in
openssl s_client got me looking
On Fri, Oct 09, 2015 at 12:24:11AM +0200, Lukas Tribus wrote:
> > frontend https-in
> > bind 0.0.0.0:443
> > mode tcp
> > tcp-request inspect-delay 5s
> > tcp-request content accept if { req_ssl_hello_type 1 }
> >
> > acl sni_jve req.ssl_sni -i jve.linuxwall.info
> > acl tls12 req.payload(9,2) -m
On 09/10/2015 10:27, Willy Tarreau wrote:
Hi Christopher,
I applied the first two ones, but the last one seems to be doing
a lot of stuff at the same time. It's not even clear to me whether
it fixes something or improves something or does both, but the
review is quite hard. Is it possible to
On Fri, Oct 09, 2015 at 11:59:00AM +0200, Christopher Faulet wrote:
> On 09/10/2015 10:27, Willy Tarreau wrote:
> >Hi Christopher,
> >
> >I applied the first two ones, but the last one seems to be doing
> >a lot of stuff at the same time. It's not even clear to me whether
> >it fixes something
Hi Christopher,
I applied the first two ones, but the last one seems to be doing
a lot of stuff at the same time. It's not even clear to me whether
it fixes something or improves something or does both, but the
review is quite hard. Is it possible to cut it into functional
parts? In practice we
Lukas,
On 08/10/2015 23:47, Lukas Tribus wrote:
> You really need to post the actual configuration, because we don't
> have any idea what you are trying to do and how you configured it.
>
> But yes, 213.254.248.96/27 covers 32 IPs starting from 213.254.248.96
> until 213.254.248.127.
Yes…
On Thu, Oct 08, 2015 at 02:03:19PM +0200, Christopher Faulet wrote:
> Hi,
>
> The 'OPTIONS' method was not in the list of supported HTTP methods and
> find_http_meth returned HTTP_METH_OTHER instead of HTTP_METH_OPTIONS.
Wow good catch, I feel ashamed of having missed it. It was already
bogus in
Hi Christopher,
On Thu, Oct 08, 2015 at 11:57:02AM +0200, Christopher Faulet wrote:
> Hi,
>
> lru64_lookup function was added in a previous patch of mine. This one
> just removes a useless memory allocation.
Applied with the text above as the commit description. In the future,
please keep in
Hi,
On Fri, Oct 09, 2015 at 01:26:37PM +, Bosco Mutunga wrote:
> Hi,
>
> I'm experiencing a strange issue whereby Haproxy completely hangs when it
> receives a certain request, I have confirmed that the request is received
> through the following tcpdump, but it does not appear in the
On 09/10/2015 12:36, Jarno Huuskonen wrote:
> Maybe req.hdr_ip would work better ?
> (https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr_ip)
OK. Thanks.
Hi,
On Fri, Oct 09, Sébastien LECOMTE wrote:
[...]
> acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24
> 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26
> 91.237.72.4
[...]
> http-request allow if private_domain allowed_clients
> http-request deny if
On 09/10/2015 12:19, Willy Tarreau wrote:
On Fri, Oct 09, 2015 at 11:59:00AM +0200, Christopher Faulet wrote:
On 09/10/2015 10:27, Willy Tarreau wrote:
Hi Christopher,
I applied the first two ones, but the last one seems to be doing
a lot of stuff at the same time. It's not even clear
On Fri, Oct 09, 2015 at 01:46:50PM +0200, Christopher Faulet wrote:
> ssl_ctx_lru_tree could be defined outside the ifdef, but it is only used
> when SNI extension is available. So there is no reason to initialize it
> if there is no SNI.
>
> Then, when SNI is available, the tree can be NULL if
> acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 [...]
This is a *string* comparison. You will have to use "req.hdr_ip" [1]:
acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...]
Regards,
Lukas
[1]
On 09/10/2015 12:41, Lukas Tribus wrote:
> This is a *string* comparison. You will have to use "req.hdr_ip" [1]:
>
> acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...]
Oh damned.
Thanks a lot… I'll try this right now.
Those are not the actual credentials, any idea what might be wrong?
> On 9 Oct 2015, at 16:40, Baptiste wrote:
>
> Wonderful,
>
> Please tell afbbank to change their password!
>
> Baptiste
>
>
> On Fri, Oct 9, 2015 at 3:26 PM, Bosco Mutunga
cool :)
Ok, we need configuration and log lines relative to this POST.
Baptiste
On Fri, Oct 9, 2015 at 3:43 PM, Bosco Mutunga wrote:
> Those are not the actual credentials, any idea what might be wrong?
>
>> On 9 Oct 2015, at 16:40, Baptiste wrote:
Hi,
I’m experiencing a strange issue whereby Haproxy completely hangs when it
receives a certain request, I have confirmed that the request is received
through the following tcpdump, but it does not appear in the haproxy logs,
neither is it forwarded.
09:24:05.853373 IP (tos 0x0, ttl 58, id
Wonderful,
Please tell afbbank to change their password!
Baptiste
On Fri, Oct 9, 2015 at 3:26 PM, Bosco Mutunga wrote:
> Hi,
>
> I’m experiencing a strange issue whereby Haproxy completely hangs when it
> receives a certain request, I have confirmed that the
Nothing appears on the logs with respect to this request
> On 9 Oct 2015, at 16:59, Baptiste wrote:
>
> cool :)
> Ok, we need configuration and log lines relative to this POST.
>
> Baptiste
>
> On Fri, Oct 9, 2015 at 3:43 PM, Bosco Mutunga
>
Weekly news from RFI - 09/10/2015
View this email in your browser
http://rfi.nlfrancemm.com/HM?b=5FRpeFwUC7h8nm5tw6aXwovaf6uX6GkR7VQMtcclsuuFpKSVys6vM0m21FUd7-EB=P8yc1pjx5AP8FjdAfiRrRw
The incredible Savtchenko trial, a Ukrainian pilot tried in Russia
Calls on