Re: in-house vulnerability scan vs. stats socket

2017-06-19 Thread Michael Ezzell
On Mon, Jun 19, 2017 at 3:34 PM, Jim Freeman wrote: > FWIW / FYI - > > # haproxy -v > HA-Proxy version 1.5.18 2016/05/10 > > An in-house vulnerability scanner found our haproxy stats sockets and > started probing, sending bogus requests, HTTP_* methods, etc. > > The many

Re: HAProxy 1.5.18 - rare handshake failure - Bad Record MAC

2017-06-19 Thread Lukas Tribus
Hello Janek, On 19.06.2017 at 14:13, Teichmann, Janek wrote: > Hi, > > I have a problem with HAProxy 1.5.18 on a Centos 7.2.1511. I installed the > HAProxy from the epel repository. So just the normal packages. > The problem is a rarely appearing ssl handshake error. HAProxy is terminating >

RE: in-house vulnerability scan vs. stats socket

2017-06-19 Thread Gibson, Brian (IMS)
What scanner did you use? -Original Message- From: Jim Freeman [sovr...@gmail.com] Received: Monday, 19 Jun 2017, 3:36PM To: HAProxy [haproxy@formilux.org] Subject: in-house vulnerability scan vs. stats socket FWIW / FYI - # haproxy -v HA-Proxy version 1.5.18 2016/05/10 An in-house

in-house vulnerability scan vs. stats socket

2017-06-19 Thread Jim Freeman
FWIW / FYI - # haproxy -v HA-Proxy version 1.5.18 2016/05/10 An in-house vulnerability scanner found our haproxy stats sockets and started probing, sending bogus requests, HTTP_* methods, etc. The many requests, even though the request paths were not valid at the stats socket, made for a DoS

Re: Debian upgrade to haproxy 1.7.5: tcp-check fails with Socket error, info: "No port available for the TCP connection"

2017-06-19 Thread Lukas Tribus
Hello, On 19.06.2017 at 11:27, Philipp Kolmann wrote: > This config works in 1.5.8 but fails to tcp-check in 1.7.5. > > The errors in the logfile look like this: > > Jun 19 10:52:57 testha2 haproxy[5042]: Server mail-exchtest-smtp/mbx13a is > DOWN, reason: Socket error, info: "No port

Re: Logging SSL pre-master-key

2017-06-19 Thread Patrick Hemmer
On 2017/6/17 00:00, Willy Tarreau wrote: > Hi Patrick, > > On Fri, Jun 16, 2017 at 09:36:30PM -0400, Patrick Hemmer wrote: >> The main reason I had for supporting the older code is that it seems >> many (most?) linux distros, such as the one we use (CentOS/7), still >> ship with 1.0.1 or 1.0.2.

Re: master-worker and seamless reload (bug)

2017-06-19 Thread Emmanuel Hocdet
> On 19 June 2017 at 15:06, William Lallemand wrote: > > On Mon, Jun 19, 2017 at 11:26:31AM +0200, Emmanuel Hocdet wrote: >> >> Exactly, use case is to upgrade haproxy from a 1.6/1.7/1.8 compatibility to >> 1.8 with master worker. >> > > That's interesting, I will

Re: master-worker and seamless reload (bug)

2017-06-19 Thread William Lallemand
On Mon, Jun 19, 2017 at 11:26:31AM +0200, Emmanuel Hocdet wrote: > > Exactly, use case is to upgrade haproxy from a 1.6/1.7/1.8 compatibility to > 1.8 with master worker. > That's interesting, I will do some tests in order to be able to do this properly. > > It's much simpler than I

HAProxy 1.5.18 - rare handshake failure - Bad Record MAC

2017-06-19 Thread Teichmann, Janek
Hi, I have a problem with HAProxy 1.5.18 on a Centos 7.2.1511. I installed the HAProxy from the epel repository. So just the normal packages. The problem is a rarely appearing ssl handshake error. HAProxy is terminating ssl with the config below. You can see that we are load balancing

Re: understanding reqirep & rspirep

2017-06-19 Thread Antonio Trujillo Carmona
On 16/06/17 at 10:23, Antonio Trujillo Carmona wrote: > Thanks in advance for your great work. > I need to make a rewriter in a url. > We have one tomcat app and we need to use it 2 scenario, > application (we can't touch it) work in environment aplication/ > so if we use

Debian upgrade to haproxy 1.7.5: tcp-check fails with Socket error, info: "No port available for the TCP connection"

2017-06-19 Thread Philipp Kolmann
Hi, I have tested the Debian upgrade from jessie to stretch on a test-box and now my config doesn't work anymore with haproxy 1.7.5. I also tested it on a jessie box with backported haproxy 1.7.5. I see the same error there. My config for looks like this: global log /dev/log

Re: master-worker and seamless reload (bug)

2017-06-19 Thread Emmanuel Hocdet
> On 16 June 2017 at 18:49, William Lallemand wrote: > > > On Fri, Jun 16, 2017 at 05:28:51PM +0200, Emmanuel Hocdet wrote: >> Hi, >> > > Hi Emmanuel, > Hi William >> i try to play with that, but i’m a little confused with the behaviour. >> >> In my test, i use