[PATCH 2/2] tests for queue set-priority

--- Makefile.test| 21 + tests/test-queue.cfg | 8 tests/test_queue.c | 117 +++ 3 files changed, 146 insertions(+) diff --git a/Makefile.test b/Makefile.test new file mode 100644 index 0..41dd03c71 --- /dev/null

[PATCH 0/2] Re: Priority based queuing

On 2018/5/5 13:55, Willy Tarreau wrote: > On Sat, May 05, 2018 at 01:33:51PM -0400, Patrick Hemmer wrote: >>> Also I'm thinking that we can even use 32-bit by putting the frontier >>> between the date and the fixed priority (let's call it class) somewhere >>> else : >>> - 8 bit class + 24 bit

[PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

This adds the set-priority-class and set-priority-offset actions to http-request and tcp-request content. The priority values are used when connections are queued to determine which connections should be served first. The lowest priority class is served first. When multiple requests from the same

[PATCH] BUG/MEDIUM: pollers/kqueue: use incremented position in event list

Hi Olivier, Please take a look at attached patch. When adding 2 fd's the second overwrote the first one. Tagged it medium as haproxy just didn't work at all. (with kqueue.). Though it could perhaps also be minor, as the commit has only been done recently.?. Anyhow.. This seems to fix it :).

Re: WAF with HA Proxy.

Thank you for the feedback, although this is in fact a technical solution I never intended to offend anyone. I have submitted fixes to haproxy in the past but have not as you say responded to questions before this. thanks again for the feedback -mark On Wed, May 9, 2018 at 2:03 PM, Willy

Re: Haproxy SSO

Hi Thierry Thank you for your reply confirming that portion is for HAPEE only, Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 asmal...@loadbalancer.org Leave a Review | Deployment Guides | Blog On 9 May 2018 at 22:17,

Re: Haproxy SSO

On Wed, 9 May 2018 22:02:49 +0100 Andrew Smalley wrote: > Hi Thierry > > I saw the packetengine here > https://www.haproxy.com/documentation/aloha/9-5/packetshield/sso/ Ok. There are "HAProxy Technologies" softwares. Do not hesitate to contact the company for more

Re: WAF with HA Proxy.

Mark, On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote: > For commercial purposes, see Signal Sciences Next Gen WAF solution: > https://www.signalsciences.com/waf-web-application-firewall/ Advertising for commercial products on an open source list is never welcome especially when such

Re: Haproxy SSO

Hi Thierry I saw the packetengine here https://www.haproxy.com/documentation/aloha/9-5/packetshield/sso/ It looks like it's a HAPEE thing only thou. "sudo apt install hapee--spoa-sso" part way down the page Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44

Re: Haproxy SSO

On Wed, 9 May 2018 21:51:13 +0100 Andrew Smalley wrote: > Hi Thierry, > > I split the thread as I changed subject to SSO part way through, I > apologize for that. > > Your references to SPOA/SPOE Engines were liked very much. I see the > SPOA examples in the source

Re: WAF with HA Proxy.

On Thu, 10 May 2018 02:07:24 +0530 DHAVAL JAISWAL wrote: > I would prefer to keep this in front of HAProxy. So that any request comes > first it will pass through he WAF standard rules and then it will come > inside. HAProxy is a very robust component. It block protocol

Haproxy SSO

Hi Thierry, I split the thread as I changed subject to SSO part way through, I apologize for that. Your references to SPOA/SPOE Engines were liked very much. I see the SPOA examples in the source code just now in the link you provided

Re: WAF with HA Proxy.

On Wed, 9 May 2018 21:10:48 +0100 Andrew Smalley wrote: > Hello Thierry > > Thank you for your response saying it is the SPOE engine that does > mod_security integration and not the almost correct SPOA that I said. No, you're right: SPOA is the Agent and the ModSec

Re: WAF with HA Proxy.

I would prefer to keep this in front of HAProxy. So that any request comes first it will pass through he WAF standard rules and then it will come inside. Could you please help me with some more documentation, configuration about this. How would I achieve it. On Thu, May 10, 2018 at 12:14 AM,

Re: WAF with HA Proxy.

Sure, note that it doesnt integrate with mod_security. It integrates with haproxy via a lua script and haproxy config that uses it. *Mark Lakes* Sr Software Engineer (555) 555- Winner: InfoWorld Technology of the Year 2018

Re: WAF with HA Proxy.

Hello Thierry Thank you for your response saying it is the SPOE engine that does mod_security integration and not the almost correct SPOA that I said. Can I ask how haproxy does the SSO with the SPOE/SPOA Engine? Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44

Re: WAF with HA Proxy.

Hi, I confirm: the modsecurity i done throught SPOE. The limitation are: The limit of the body size analysed is the size of HAProxy buffer (default 16kB, but for my own usage, I configure 1MB) The response is not analysed. BR, Thierry > On 9 May 2018, at 21:40, Andrew Smalley

Re: WAF with HA Proxy.

Hi Mark Actually as far as I understand the Haproxy implementation of mod_security integration is not with Lua but with SPOA https://www.haproxy.org/download/1.7/doc/SPOE.txt Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064

Re: WAF with HA Proxy.

RIght, via lua module it integrates with haproxy. -mark *Mark Lakes* Sr Software Engineer (555) 555- Winner: InfoWorld Technology of the Year 2018

Re: WAF with HA Proxy.

Dhaval, As far as I'm concerned almost everyone on the planet uses mod_security... But most use it with apache & some use it with Nginx... So you can either put it on all of your web servers... Or Put it in-front of HAProxy... Or make an HAProxy[1] sandwich (which is what we do at

Re: WAF with HA Proxy.

On Wed, 9 May 2018 at 18:43, Mark Lakes wrote: > For commercial purposes, see Signal Sciences Next Gen WAF solution: > https://www.signalsciences.com/waf-web-application-firewall/ > That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it integrate with

Re: WAF with HA Proxy.

Looking for open source. On Wed, May 9, 2018 at 11:10 PM, Mark Lakes wrote: > For commercial purposes, see Signal Sciences Next Gen WAF solution: > https://www.signalsciences.com/waf-web-application-firewall/ > > > > *Mark Lakes* > Sr Software Engineer > (555)

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

Hi Thierry, Op 9-5-2018 om 18:30 schreef Thierry Fournier: It seems a dead lock, but you observe a loop. Effectively it is a deadlock, it keeps looping over these few lines of code below from xref.h

Re: WAF with HA Proxy.

For commercial purposes, see Signal Sciences Next Gen WAF solution: https://www.signalsciences.com/waf-web-application-firewall/ *Mark Lakes* Sr Software Engineer (555) 555- Winner: InfoWorld Technology of the Year 2018

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

> On 9 May 2018, at 18:30, Thierry Fournier > wrote: > > > >> On 8 May 2018, at 00:33, PiBa-NL wrote: >> >> Hi List, Thierry, >> >> Actually this is not limited to restarts, and also happens with 1.9dev. It >> now happens while

Re: 1.8.8 & 1.9dev, lua, xref_get_peer_and_lock hang / 100% cpu usage after restarting haproxy a few times

> On 8 May 2018, at 00:33, PiBa-NL wrote: > > Hi List, Thierry, > > Actually this is not limited to restarts, and also happens with 1.9dev. It > now happens while haproxy was running for a while and no restart was > attempted while running/debugging in my NetBeans

Re: [Lua] Using txn.c:

On Tue, 8 May 2018 21:26:49 +0200 Baptiste wrote: > On Tue, May 8, 2018 at 8:17 PM, Baptiste wrote: > > > Hi All, Thierry, > > > > I'm trying to use the converter 'table_http_req_cnt()' from a Lua script, > > but I'm not successful and so I wonder how I'm

Re: Switch from http mode to tcp mode at will

Thanks ! That makes a lot of sense. I was trying to find some more info because I was not sure what was actually happening. The idea was to use HAProxy as a frontend for some Icecast HTTP streaming. I'm already using it as an SSL offloader, and it works like a charm : streaming clients connect

Re: 502 Bad Gateway

Hi Praveen. Am 09-05-2018 00:25, schrieb UPPALAPATI, PRAVEEN: Hi Aleks, Thanks for the info. Some of the default config we corrected in the prod. Let me clarify you on whatz working and whatz not working for us with option http-proxy Config: listen http_proxy-1000 bind *:1000 mode

req.body_param([])

Hello, We use the req.body_param([]) setting to retrieve body parameter from the incoming HTTP queries and place them into the logs. Unfortunately this only works with HTTP POST requests. In our case we need to extract the parameter from PUT requests as well. Would it be an option to use

WAF with HA Proxy.

I am looking for WAF solution with HA Proxy. One which I come to know is with HA Proxy version 1.8.8 + mode security. However, I feel its still on early stage. Any other recommendation for WAF with HA Proxy. -- Thanks & Regards Dhaval Jaiswal