Re: http-response set-header is unreliable

Hi Tim, On Tue, May 01, 2018 at 01:57:06AM +0200, Tim Düsterhus wrote: > Willy, > > Am 30.04.2018 um 23:06 schrieb Willy Tarreau: > >> Anything I could do to help investigate this? I can apply patches with > >> additional logging or I can send you the unredacted configuration in > >> private if

Re: http-response set-header is unreliable

Willy, Am 30.04.2018 um 23:06 schrieb Willy Tarreau: >> Anything I could do to help investigate this? I can apply patches with >> additional logging or I can send you the unredacted configuration in >> private if that would help. > > OK, it's just that for now I can't propose anything, I'm

Re: http-response set-header is unreliable

On Mon, Apr 30, 2018 at 09:06:16PM +0200, Tim Düsterhus wrote: > Am 30.04.2018 um 15:48 schrieb Willy Tarreau: > >> And why does it affect two headers at once? If the length is right below > >> the limit intuitively only the very last header should be affected. > > > > I really don't know, maybe

LUA Converters should be global

Right now in LUA, all the HAProxy converters are accessible through the `Converters` class. However this class is only accessible through the TXN class. Can we get this changed so that the Converters class is a global? My intent is to be able to call a builtin HAProxy converter from within a

Lua http-request use-service issue

Hi, I'm using a Lua function with the applet class to respond to certain requests directly from haproxy/Lua. For this, I have "http-request use-service lua.foo if some_acl" in my frontend. Everything works fine except when I add a default backend which itself has a line like "http-request

Re: http-response set-header is unreliable

Willy, Am 30.04.2018 um 15:48 schrieb Willy Tarreau: >> And why does it affect two headers at once? If the length is right below >> the limit intuitively only the very last header should be affected. > > I really don't know, maybe the rules are aborted during their processing. Anything I could

Re: Switch from http mode to tcp mode at will

Hi, On Mon, Apr 30, 2018 at 04:53:58PM +0200, Hoggins! wrote: > Hi, > > Le 30/04/2018 à 16:35, Aleksandar Lazic a écrit : > > Hi. > > > > Am 30.04.2018 um 16:11 schrieb Hoggins!: > >> Hello list, > >> > >> I have a case where I would like HAProxy to "get out of the way" if a > >> certain pattern

Logging Question

Hi Willy/Oliver, One small question: When I capture the header it's returning .com in the log but when I perform Get on .com:1000 it is not matching the following configuration. frontend http-1000 bind *:1000 option httplog capture request header Host len 20 acl

stable-bot: NOTICE: 7 bug fixes in queue for next release

Hi, This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent every week once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the severity of these fixes and their merge date. Responses to

Re: Switch from http mode to tcp mode at will

Hi Hoggins. It would help when you share some more informations. haproxy -vv Your config. Best regards Aleks Ursprüngliche Nachricht Von: Hoggins! Gesendet: 30. April 2018 16:53:58 MESZ An: haproxy@formilux.org Betreff: Re: Switch from http mode to tcp

Re: Switch from http mode to tcp mode at will

Hi, Le 30/04/2018 à 16:35, Aleksandar Lazic a écrit : > Hi. > > Am 30.04.2018 um 16:11 schrieb Hoggins!: >> Hello list, >> >> I have a case where I would like HAProxy to "get out of the way" if a >> certain pattern is detected in a HTTP request. In that particular case, >> I would like to select

Re: Switch from http mode to tcp mode at will

Hi. Am 30.04.2018 um 16:11 schrieb Hoggins!: > Hello list, > > I have a case where I would like HAProxy to "get out of the way" if a > certain pattern is detected in a HTTP request. In that particular case, > I would like to select a TCP backend over an HTTP one if the conditions > are met. >

Switch from http mode to tcp mode at will

Hello list, I have a case where I would like HAProxy to "get out of the way" if a certain pattern is detected in a HTTP request. In that particular case, I would like to select a TCP backend over an HTTP one if the conditions are met. But I'm not sure if it's feasible or even if it's the correct

Re: http-response set-header is unreliable

Hi Tim, On Sun, Apr 29, 2018 at 09:36:13PM +0200, Tim Düsterhus wrote: > Willy, > > Am 28.04.2018 um 07:51 schrieb Willy Tarreau: > > Not that many ideas. Could you retry by setting "tune.maxrewrite" to a > > larger value ? It defaults to 1024, and maybe you're already adding 1kB > > of response

Re: Question on Caching.

Hi Andrew, On Mon, Apr 30, 2018 at 10:08:11AM +0100, Andrew Smalley wrote: > Hi Willy > > Thank you for you for your detailed reply explaining why you think only the > favicon cache is sensible and that a full-blown cache within Haproxy > is not the best of ideas although interesting. > > I

Re: [PATCH 0/2] Re: Logging SSL pre-master-key

On Sat, Apr 28, 2018 at 07:15:44PM -0400, Patrick Hemmer wrote: > After much delay, I've addressed the requested changes as a new patch. Both patches merged now (with SMP_F_CONST removed as noticed by Emeric). Thanks! Willy

Re: [ANNOUNCE] haproxy-1.7.11

Am 30.04.2018 um 12:11 schrieb Christopher Faulet: > Hi, > > HAProxy 1.7.11 was released on 2018/04/30. It added 38 new commits after > version 1.7.10. New docker images also available. https://hub.docker.com/r/me2digital/haproxy17/ Regards Aleks > It fixes a major issue when HAProxy is

Re: [PATCH 2/2] MINOR: ssl: add fetch 'ssl_fc_session_key' and 'ssl_bc_session_key'

Hi guys, On Mon, Apr 30, 2018 at 11:13:13AM +0200, Emeric Brun wrote: > Hi Patrick, > > On 04/29/2018 01:15 AM, Patrick Hemmer wrote: > > > > These fetches return the SSL master key of the front/back connection. > > This is useful to decrypt traffic encrypted with ephemeral ciphers. > > --- > >

Re: [PATCH 1/2] MINOR: ssl: disable SSL sample fetches when unsupported

On 2018/4/30 04:58, Emeric Brun wrote: > Hi Patrick, > > On 04/29/2018 01:15 AM, Patrick Hemmer wrote: >> Previously these fetches would return empty results when HAProxy was >> compiled >> without the requisite SSL support. This results in confusion and problem >> reports from people who

[ANNOUNCE] haproxy-1.7.11

Hi, HAProxy 1.7.11 was released on 2018/04/30. It added 38 new commits after version 1.7.10. It fixes a major issue when HAProxy is compiled with some GCC versions (<= 3.x and >= 5.x). Because of a typo in a if statement in the function bo_getline_nc(), HAProxy crashes when it tries to read

Re: Truly seamless reloads

On Mon, Apr 30, 2018 at 10:35:37AM +0300, Veiko Kukk wrote: > On 26/04/18 17:11, Veiko Kukk wrote: > > Hi, > > > > According to > > https://www.haproxy.com/blog/truly-seamless-reloads-with-haproxy-no-more-hacks/ > > > > : > > > > "The patchset has already been merged into the HAProxy 1.8

Re: [PATCH 2/2] MINOR: ssl: add fetch 'ssl_fc_session_key' and 'ssl_bc_session_key'

Hi Patrick, On 04/29/2018 01:15 AM, Patrick Hemmer wrote: > > These fetches return the SSL master key of the front/back connection. > This is useful to decrypt traffic encrypted with ephemeral ciphers. > --- > doc/configuration.txt | 13 + > src/ssl_sock.c| 35

Re: Question on Caching.

Hi Willy Thank you for you for your detailed reply explaining why you think only the favicon cache is sensible and that a full-blown cache within Haproxy is not the best of ideas although interesting. I will continue the search for a viable yet small cache. Andruw Smalley Loadbalancer.org

Re: [PATCH 1/2] MINOR: ssl: disable SSL sample fetches when unsupported

Hi Patrick, On 04/29/2018 01:15 AM, Patrick Hemmer wrote: > > Previously these fetches would return empty results when HAProxy was > compiled > without the requisite SSL support. This results in confusion and problem > reports from people who unexpectedly encounter the behavior. > --- >

Another stable maintainer :-)

Hi all, since Christopher devotes a lot of time to fixing bugs and he often waits for me to backport them, I figured it could make it more efficient for all of us if he joined the stable team and could backport fixes and issue releases himself. He agreed to this, so don't be surprised to see a

Re: Truly seamless reloads

On 26/04/18 17:11, Veiko Kukk wrote: Hi, According to https://www.haproxy.com/blog/truly-seamless-reloads-with-haproxy-no-more-hacks/ : "The patchset has already been merged into the HAProxy 1.8 development branch and will soon be backported to HAProxy Enterprise Edition 1.7r1 and