On Wed, Apr 6, 2016 at 11:34 PM, Lukas Erlacher wrote:
> Addendum:
>
> On the load balancer,
>
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>
> will match *all* packets (for example the packets of your SSH connection,
> since there is undoubtedly a socket for those SSH packets),
On Wed, Apr 6, 2016 at 9:53 AM, Willy Tarreau wrote:
[...]
> So this means that in TCP mode we're aware of the abort earlier than in
> HTTP mode. Thus we theorically have everything needed to decide not to
> connect if possible.
>
/me nods, it appears so.
> This one will result in truncated tran
Hi Frederik,
On Wed, Apr 06, 2016 at 08:49:09AM -0700, Frederik Deweerdt wrote:
> > > Mmm, adding "option abortonclose" does work in "mode http", but not in
> > > "mode tcp", which I've been using.
> >
> > Why are you saying this ?
>
> That's what I'm seeing in my tests, with ssl_sock_to_buf ins
Hello Willy,
On Sun, Apr 3, 2016 at 11:15 PM, Willy Tarreau wrote:
> On Thu, Mar 31, 2016 at 12:37:03PM -0700, Frederik Deweerdt wrote:
> > >> It seems that we would be a bit more efficient if we also aborted when
> > >> si_b->state was SI_ST_INI: that is, don't even try to open a connection
> >
Addendum:
On the load balancer,
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
will match *all* packets (for example the packets of your SSH connection, since
there is undoubtedly a socket for those SSH packets), at least it does on my
system; this is much nicer IMO:
iptables -t
On Wed, Apr 06, 2016 at 02:22:10PM +0200, Bertrand Paquet wrote:
> Hi,
>
> Please find the patch attached.
applied, thanks.
Willy
Hi,
Please find the patch attached.
Regards,
Bertrand
On Wed, Apr 6, 2016 at 12:59 PM, Willy Tarreau wrote:
> Hi Bertrand,
>
> On Wed, Apr 06, 2016 at 11:58:31AM +0200, Bertrand Paquet wrote:
> > Hi all,
> >
> > The following patch allow to log cookie for tarpit and denied request.
> > This m
Hi Bertrand,
On Wed, Apr 06, 2016 at 11:58:31AM +0200, Bertrand Paquet wrote:
> Hi all,
>
> The following patch allow to log cookie for tarpit and denied request.
> This minor bug affect at least 1.5, 1.6 and 1.7 branch.
Thank you.
Please check below, it seems that your mailer has mangled space
Hi all,
The following patch allow to log cookie for tarpit and denied request.
This minor bug affect at least 1.5, 1.6 and 1.7 branch.
The solution is not perfect : may be the cookie processing
(manage_client_side_cookies) can be moved into http_process_req_common.
Regards,
Bertrand
diff --git
10 matches
Mail list logo