Re: [PATCH] Added support for Arrays in sample_conv_json_query in sample.c

On Mon, Sep 25, 2023 at 01:30:53PM +, Jens Popp wrote: > Method now returns the content of Json Arrays, if it is specified in > Json Path as String. The start and end character is a square bracket. Any > complex object in the array is returned as Json, so that you might get Arrays > of Array

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Tristan, Thanks for the nice work :) Just my 2 cents, in the second patch, since you change the default behavior, you forgot to update your comment from the 1st patch in Lua's doc according to the new behavior: > diff --git a/doc/lua.txt b/doc/lua.txt > index 8d5561668..8d244ab3a 100644 >

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi all again, Here is the updated patch set after changes based on feedback received. The change is now split across 2 patches. Patch 0001 adding: - tune.lua.log { on | off } (defaults to 'on') for usage of loggers - tune.lua.log-stderr { on | auto | off } (defaults to 'on') for usage of

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

On 20/10/2023 15:30, Tristan wrote: ie in this snippet (hlua.c:1387): static inline void hlua_sendlog(struct proxy *px, ...) { ... if (... && (!LIST_ISEMPTY(>loggers)))     return; has the following results: - locally from source => compiles happily - locally from clone +

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi again Willy, On 18/10/2023 07:47, Willy Tarreau wrote: [...] maybe we can have a 3rd value "auto" which would be the default and which would only log to stderr if there's no other logger ? I don't know if we have this info where it's used, though. Hmmm at first glance we

Re: Some filter discussion for the future

Hi. FYI: I have created a repo for the rs filter https://github.com/git001/hap-rs-filter feel free to participate/contribute :-) Regards Alex On 2023-10-19 (Do.) 22:53, Aleksandar Lazic wrote: Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome

Re: Some filter discussion for the future

Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow-up to the tangent we went on in the announce thread. Thanks :-) As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options.

Re: Override X-Forwarded-Port with send-proxy-v2

My bad, I was testing it on wrong instance. tcp-request content set-dst-port int(80) is working fine :-) Best Regards, Andrei Kvapil On Thu, Oct 19, 2023 at 8:06 PM kvaps wrote: > Hi, > > I run haproxy in non-privileged container, so I can't bind on higher port > eg 80 and 443 > Thus I

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Tristan, On Wed, Oct 18, 2023 at 04:25:47PM +, Tristan wrote: > > > > ... > > > One last thing, SEND_ERR() reports to stderr through ha_alert() and > > > hlua_sendlog() does it through fprintf(stderr, ) by appending a static > > > header containing the log level, the date and the pid:

Re: any way to get longer header names in haproxy?

Hello, On Wed, Oct 18, 2023 at 11:31:30AM -0700, Jerry Scharf (he/him/his) wrote: > We use haproxy for https termination for one of our services. We are trying > to upgrade to late model haproxy, but have run into a problem. In old > haproxy versions, it allowed 1k header names and we told our

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

By the way, since we're talking about it, I think that actually it's not logs that we're sending to stderr, it's Lua's alert messages that we're sending both to stderr and logs. Well I am no expert in what qualifies as "logs" vs "alerts", but the messages sent from (for example) txn:Info()

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

On Wed, Oct 18, 2023 at 04:23:06PM +, Tristan wrote: > Hi Willy, > > > On 18/10/2023 07:47, Willy Tarreau wrote: > > Hi Tristan, > > > > ... > > > > I'm fine with the general approach, but I'm having two comments: > > > >- using the word "also" in the option name is really not welcome

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

... One last thing, SEND_ERR() reports to stderr through ha_alert() and hlua_sendlog() does it through fprintf(stderr, ) by appending a static header containing the log level, the date and the pid: maybe we should try to unify those outputs as well? I'm not sure anyone really *wants* to

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Willy, On 18/10/2023 07:47, Willy Tarreau wrote: Hi Tristan, ... I'm fine with the general approach, but I'm having two comments: - using the word "also" in the option name is really not welcome ("tune.lua.also-log-to-stderr"), and actually more confusing than without

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Aurélien, On Wed, Oct 18, 2023 at 09:32:19AM +0200, Aurelien DARRAGON wrote: > Hi Guys, > > I also have a suggestion, while at it: > > SEND_ERR() which is used to report unexpected Lua errors (because of > improper API usage, or due to external factors such as IO/memory issues) > currently

Re: [PATCH 2/4] MEDIUM: connection: Send out generically allocated proxy-v2-options

Hi Alexander, I'm starting from the doc as it eases the discussion. On Thu, Oct 05, 2023 at 11:05:50AM +, Stephan, Alexander wrote: > --- a/doc/configuration.txt > +++ b/doc/configuration.txt > @@ -16671,6 +16671,26 @@ proxy-v2-options [,]* > generated unique ID is also used

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Guys, I also have a suggestion, while at it: SEND_ERR() which is used to report unexpected Lua errors (because of improper API usage, or due to external factors such as IO/memory issues) currently does a stderr duplication as in hlua_sendlog() I'm thinking that it could be useful to make

Re: [PATCH] MINOR: lua: Add a flag to disable logging to stderr

Hi Tristan, On Tue, Oct 17, 2023 at 06:19:57PM +, Tristan wrote: > By default, messages printed from LUA log functions are sent both to > the configured log target and additionally to stderr (in most cases). > This introduces tune.lua.also-log-to-stderr for disabling that > second copy of the

Re: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Alexander, On Tue, Oct 17, 2023 at 05:38:45PM +, Stephan, Alexander wrote: > Hi Willy, > > Do you know whether this can/will make it to the next release? It would be > crucial for us to know. I sincerely want it to, but the last annoyance around H2 etc derailed our activities a bit and

RE: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Willy, Do you know whether this can/will make it to the next release? It would be crucial for us to know. Best, Alexander -Original Message- From: Willy Tarreau Sent: Thursday, October 5, 2023 2:42 PM To: Stephan, Alexander Cc: haproxy@formilux.org Subject: Re: [PATCH 0/4

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi On 10/11/23 16:05, Willy Tarreau wrote: No, I remember Tim raised this point a while ago basically saying "hey don't break the DNS I use it for my servers". For me simple server For reference, you're probably thinking of this email:

Re: Some filter discussion for the future

Hi Aleksandar, That is a welcome follow-up to the tangent we went on in the announce thread. As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. [...] The question which I have is how difficult is it to add a http

Re: [PATCH] MINOR: support for http-response set-timeout

On Mon, Oct 16, 2023 at 05:09:13PM +0300, Vladimir Vdovin wrote: > Added set-timeout action for http-response. Adapted reg-tests and > documentation. Now merged, thank you Vladimir! Willy

Re: CVE-2023-44487 and haproxy-1.8

On Mon, Oct 16, 2023 at 08:33:51PM +0200, Aleksandar Lazic wrote: > > On 2023-10-16 (Mo.) 20:12, Lukas Tribus wrote: > > On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: > > > > > > > > > > > > On 2023-10-16 (Mo.) 19:29, ??? wrote: > > > > Does 1.8 support http/2? > > > > > >

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 20:12, Lukas Tribus wrote: On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. Actually haproxy 1.8 supports H2 (without implementing HTX), as per the documentation and announcements:

Re: CVE-2023-44487 and haproxy-1.8

Hi . On 2023-10-16 (Mo.) 19:55, Ryan O'Hara wrote: I wondered exactly the same thing, but then saw this on the haproxy.org website: "version 1.8 : multi-threading, HTTP/2, cache, on-the fly server addition/removal, seamless reloads, DNS SRV, hardware SSL engines, ..." I know that

Re: CVE-2023-44487 and haproxy-1.8

On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: > > > > On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > > Does 1.8 support http/2? > > No. Actually haproxy 1.8 supports H2 (without implementing HTX), as per the documentation and announcements:

Re: CVE-2023-44487 and haproxy-1.8

I wondered exactly the same thing, but then saw this on the haproxy.org website: "version 1.8 : multi-threading, HTTP/2, cache, on-the fly server addition/removal, seamless reloads, DNS SRV, hardware SSL engines, ..." I know that haproxy-1.9 added end-to-end HTTP/2, so is that the determining

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. On Mon, Oct 16, 2023, 18:58 Ryan O'Hara > wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid

Re: CVE-2023-44487 and haproxy-1.8

Does 1.8 support http/2? On Mon, Oct 16, 2023, 18:58 Ryan O'Hara wrote: > Hi all. > > I read the most recently HAProxy Newsletter, specifically the article "HAProxy > is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A > This article states that HAProxy versions 1.9 and

Re: CVE-2023-44487 and haproxy-1.8

Hi Ryan. On 2023-10-16 (Mo.) 17:49, Ryan O'Hara wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced,

Re: [PATCH] MINOR: support for http-response set-timeout

Sure, you are right. Sending little fix. > 16 окт. 2023 г., в 09:21, Willy Tarreau написал(а): > > Hi Vladimir, > > On Sun, Oct 15, 2023 at 06:00:01AM +0300, Vladimir Vdovin wrote: >> Added set-timeout action for http-response. Adapted reg-tests and >> documentation. > > Thanks for this. At

Re: FYI: OpenWrt switches from wolfssl to mbedtls as default

On Fri, Oct 13, 2023 at 04:30:37PM +0200, William Lallemand wrote: > > and TLSv1.3 is a must-have, > > I don't get this point, mbedtls supports TLS 1.3 so I don't really > understand what they are talking about. Maybe they disable TLS 1.3 on > the 2.28 version for some rease but I couldn't find

Re: [PATCH] MINOR: support for http-response set-timeout

Hi Vladimir, On Sun, Oct 15, 2023 at 06:00:01AM +0300, Vladimir Vdovin wrote: > Added set-timeout action for http-response. Adapted reg-tests and > documentation. Thanks for this. At first glance it looks good. I'm just seeing one small nit in the doc: > +http-response set-timeout { client |

Re: Request for feedback: Add fetcher for getting all cookie names

Hi Ruei-Bang, On Fri, Oct 13, 2023 at 08:59:24PM +, Ruei-Bang Chen wrote: > Hi team, > > > This is related to my previous email regarding adding a fetcher for all > headers excluding cookies, but I think it might be helpful to open a separate > thread to discuss this alone as cookie is a

Re: Request for feedback: Add fetcher for all headers excluding cookies

Hi Ruei-Bang, On Fri, Oct 13, 2023 at 08:54:24PM +, Ruei-Bang Chen wrote: > Hi Willy, > > Thank you for the great suggestion! I agree that it would be more general for > other use cases to have support for only including or excluding certain > headers. > > I can look into the implementation

Re: Request for feedback: Add fetcher for all headers excluding cookies

implementation, but we observed there would be a lot more malloc/free that impacted performance and took a lot of CPUs when QPS was high (100k+). Ruei-Bang From: Willy Tarreau Sent: Thursday, October 12, 2023 8:56 PM To: Ruei-Bang Chen Cc: haproxy@formilux.org Subject: Re

Re: FYI: OpenWrt switches from wolfssl to mbedtls as default

On Fri, Oct 13, 2023 at 11:39:59AM +, Lukas Tribus wrote: > Hello, > > > an interesting move from the OpenWRT project: > > > > Switch from wolfssl to mbedtls as default > > = > > > > OpenWrt has transitioned its default cryptographic library from

Re: HA Proxy

Hi Mohammed. Yes HAProxy supports all of the requested capacity and features from below. For a nice example what HAProxy is able to handle can you read this Blog post. https://www.haproxy.com/blog/haproxy-forwards-over-2-million-http-requests-per-second-on-a-single-aws-arm-instance The very

Re: Request for feedback: Add fetcher for all headers excluding cookies

Hi Ruei-Bang, On Thu, Oct 12, 2023 at 09:44:22PM +, Ruei-Bang Chen wrote: > Hi team, > > I am writing to gather feedback on an idea before doing the implementation. > > > We have a use-case where we need all headers except for cookies. Currently, > the fetcher "req.hdrs" / "res.hdrs"

Re: OCSP update restarts all proxies

On 10/4/23 09:18, William Lallemand wrote: Nothing in haproxy initiate a service reload, are sure you don't have an external process which is doing it? The systemd support within HAProxy is only meant to provide a status to systemd, it does not send it actions. I found the issue. I am not

Re: mfa issue

Hi Dario, On Wed, Oct 11, 2023 at 03:52:05PM +, Dario Girella wrote: > Hi, > i try to user MFA authentication on my exchange server behind haproxy. > First Access to OWA works fine, when then i allow access by MFA app owa page > doesn't open. > Need particular configuration? Unfortunately

Re: [ANNOUNCE] haproxy-2.9-dev7

On Wed, Oct 11, 2023 at 02:20:02PM +, Branitsky, Norman wrote: > The sample SAML authentication code saml.ini was provided by HAProxy > Enterprises support. > They also provided: > /opt/hapee-extras/bin/hapee-saml Ah OK I didn't catch that you were talking about this one, shame on me :-)

Re: [ANNOUNCE] haproxy-2.9-dev7

On Tue, Oct 10, 2023 at 01:20:13PM +, Tristan wrote: > That said, I do have some use-cases at the moment where I actively make use > of SRV records on the backends internally, for which losing support would be > a little annoying, so I can appreciate the will to keep them. These are among the

Re: [ANNOUNCE] haproxy-2.9-dev7

The sample SAML authentication code saml.ini was provided by HAProxy Enterprises support. They also provided: /opt/hapee-extras/bin/hapee-saml On Oct 11, 2023, at 9:39 AM, Willy Tarreau wrote: Hi Norman, On Tue, Oct 10, 2023 at 11:44:52AM +, Branitsky, Norman wrote: I use the SPOE for

Re: [ANNOUNCE] haproxy-2.9-dev7

On Tue, Oct 10, 2023 at 03:04:26PM +0200, Aleksandar Lazic wrote: > > WASM on the other hand would provide more performance and compile-time > > checks but I fear that it could also bring new classes of issues such as > > higher memory usage, higher latencies, and would make it less convenient > >

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Norman, On Tue, Oct 10, 2023 at 11:44:52AM +, Branitsky, Norman wrote: > I use the SPOE for SAML authentication with Okta and Azure AD. OK, thanks a lot for sharing your use case. Just out of curiosity, is this a component that you developed yourself (or in your company) or something

Re: Options for mitigating CVE-2023-44487 with HAProxy

On Tue, Oct 10, 2023 at 10:03:32PM +, Lukas Tribus wrote: > On Tue, 10 Oct 2023 at 20:22, Willy Tarreau wrote: > > > > So at this point I'm still failing to find any case where this attack > > hurts haproxy more than any of the benchmarks we're routinely inflicting > > it, given that it acts

Re: Options for mitigating CVE-2023-44487 with HAProxy

On Tue, 10 Oct 2023 at 20:22, Willy Tarreau wrote: > > So at this point I'm still failing to find any case where this attack > hurts haproxy more than any of the benchmarks we're routinely inflicting > it, given that it acts exactly like a client configured with a short > timeout (e.g. if you

Re: Options for mitigating CVE-2023-44487 with HAProxy

On Tue, Oct 10, 2023 at 07:23:25PM +, Tristan wrote: > Thanks for looking into it, Willy :-) You're welcome. Actually last week I ran some tests *exactly* on this, thinking that it was the same principle as leaving orphaned sockets when you're limited on FDs. That's how I discovered the pool

Re: Options for mitigating CVE-2023-44487 with HAProxy

Thanks for looking into it, Willy :-) > On 10 Oct 2023, at 19:24, Willy Tarreau wrote: > […] > But for now if you site requires any of this, I can't see how it has not > experienced weekly outages from standard attacks. Funny that you mention this; bit out of topic but we had enjoyed a

Re: Options for mitigating CVE-2023-44487 with HAProxy

On Tue, Oct 10, 2023 at 03:57:09PM +0200, Willy Tarreau wrote: > On Tue, Oct 10, 2023 at 03:49:21PM +0200, Willy Tarreau wrote: > > > Seems like a clever update to the "good old" h2 multiplexing abuse > > > vectors: > > > 1. client opens a lot of H2 streams on a connection > > > 2. Spams some

Re: Options for mitigating CVE-2023-44487 with HAProxy

On Tue, Oct 10, 2023 at 03:49:21PM +0200, Willy Tarreau wrote: > > Seems like a clever update to the "good old" h2 multiplexing abuse vectors: > > 1. client opens a lot of H2 streams on a connection > > 2. Spams some requests > > 3. immediately sends h2 RST frames for all of them > > 4. Go back to

Re: Options for mitigating CVE-2023-44487 with HAProxy

Hi Tristan, On Tue, Oct 10, 2023 at 12:56:12PM +, Tristan wrote: > Hi all, > > This just got disclosed: > - > https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ > - >

Re: [ANNOUNCE] haproxy-2.9-dev7

On 10/10/2023 14:04, Aleksandar Lazic wrote: ... Well this implies that always a dpapi should run together with HAProxy if you want something like DNS resolving for server or anything else? I don't think Willy meant removing this much; from a previous discussion with him on the topic, it

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi. On 2023-10-10 (Di.) 09:08, Willy Tarreau wrote: Hi Tristan, On Sun, Oct 08, 2023 at 12:15:00PM +, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: [...] Maybe this will then bring up SPOE to a level where the body of a request can be

Re: [ANNOUNCE] haproxy-2.9-dev7

I use the SPOE for SAML authentication with Okta and Azure AD. I'm still waiting for shared variables so I can restore my active-active configuration with 2 HAPEE servers. Content by Norman. Spelling by iPhone. On Oct 10, 2023, at 03:12, Willy Tarreau wrote: On Sun, Oct 08, 2023 at

Re: [ANNOUNCE] haproxy-2.9-dev7

On Sun, Oct 08, 2023 at 02:43:57PM +0200, Aleksandar Lazic wrote: > > On 2023-10-08 (So.) 14:15, Tristan wrote: > > Since this was brought up, > > > > > On 7 Oct 2023, at 14:34, Willy Tarreau wrote: > > > > > > [...] > > > > > > > Maybe this will then bring up SPOE to a level where the body

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Tristan, On Sun, Oct 08, 2023 at 12:15:00PM +, Tristan wrote: > Since this was brought up, > > > On 7 Oct 2023, at 14:34, Willy Tarreau wrote: > > > > [...] > > > >> Maybe this will then bring up SPOE to a level where the body of a request > >> can be scanned and bring it to a full

Re: [ANNOUNCE] haproxy-2.9-dev7

On 2023-10-08 (So.) 14:15, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: […] Maybe this will then bring up SPOE to a level where the body of a request can be scanned and bring it to a full WAF level or as WASM filter. Any thoughts on the

Re: [ANNOUNCE] haproxy-2.9-dev7

Since this was brought up, > On 7 Oct 2023, at 14:34, Willy Tarreau wrote: > > […] > >> Maybe this will then bring up SPOE to a level where the body of a request >> can be scanned and bring it to a full WAF level or as WASM filter. Any thoughts on the feasibility of a WASM based alternative

Re: [ANNOUNCE] haproxy-2.9-dev7

On Sat, Oct 07, 2023 at 02:55:03PM +0200, Aleksandar Lazic wrote: > Hm, this makes me thinking to have also some mode like mysql,mqtt, what ever > to use it for monitoring or any other purpose. Good point indeed, these were among the ones that were already discussed in the past. But you get the

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 14:45, Willy Tarreau wrote: Hi Alex, On Sat, Oct 07, 2023 at 01:51:43PM +0200, Aleksandar Lazic wrote: Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6.

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Alex, On Sat, Oct 07, 2023 at 01:51:43PM +0200, Aleksandar Lazic wrote: > Hi Willy. > > On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: > > Hi, > > > > HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits > > after version 2.9-dev6. > > > > This version fixes a number of

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6. This version fixes a number of issues in previous development releases and prepares the work for subsequent patch series: [snip] -

Re: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Alexander, On Thu, Oct 05, 2023 at 11:13:16AM +, Stephan, Alexander wrote: > Hi Willy, > > Ah, what a pity. Anyway, I sent them again with you in CC. Does it look > alright now? Yep, received both ways this time, thank you! Willy

RE: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Willy, Ah, what a pity. Anyway, I sent them again with you in CC. Does it look alright now? Best, Alexander -Original Message- From: Willy Tarreau Sent: Wednesday, October 4, 2023 3:21 PM To: Stephan, Alexander Cc: haproxy@formilux.org Subject: Re: [PATCH 0/4] Support server-side

RE: [PATCH 4/4] MEDIUM: tcp-act: Add new set-tlv TCP action for PPv2 TLVs

From da4dc50153fe6cc7e562b63439dd8be4846e0dcf Mon Sep 17 00:00:00 2001 From: Alexander Stephan mailto:alexander.step...@sap.com>> Date: Fri, 15 Sep 2023 12:25:03 +0200 Subject: [PATCH 4/4] MEDIUM: tcp-act: Add new set-tlv TCP action for PPv2 TLVs This commit adds an action called set-tlv()

RE: [PATCH 3/4] LOW: connection: Add TLV update function

From cc8fe58a8d2f8d47b03d03fd1048fe1b9babca70 Mon Sep 17 00:00:00 2001 From: Alexander Stephan mailto:alexander.step...@sap.com>> Date: Fri, 15 Sep 2023 12:18:10 +0200 Subject: [PATCH 3/4] LOW: connection: Add TLV update function Until now, it was not possible to deliberatily change received

RE: [PATCH 2/4] MEDIUM: connection: Send out generically allocated proxy-v2-options

From 84608ed754c1a92e85e03036e8b0cd0949721ffb Mon Sep 17 00:00:00 2001 From: Alexander Stephan mailto:alexander.step...@sap.com>> Date: Fri, 15 Sep 2023 12:42:36 +0200 Subject: [PATCH 2/4] MEDIUM: connection: Send out generically allocated proxy-v2-options This commit removes the previous

RE: [PATCH 1/4] MEDIUM: server: Parse generic type-value pairs as proxy-v2-options

From fb8714c5aebd7fe957264d0f2234182f55f952fe Mon Sep 17 00:00:00 2001 From: Alexander Stephan Date: Fri, 15 Sep 2023 12:38:46 +0200 Subject: [PATCH 1/4] MEDIUM: server: Parse generic type-value pairs as proxy-v2-options This commit introduces a generic server-side parsing of type-value pair

Re: OCSP update restarts all proxies

On Wed, Oct 04, 2023 at 08:52:39AM -0600, Shawn Heisey wrote: > On 10/4/23 05:34, Remi Tricot-Le Breton wrote: > > You just have to run the following commands : > > > > $ echo "update ssl ocsp-response " | socat > > /path_to_socket/haproxy.sock - > > When I do this, the update is successful and

Re: Error While deviceatlas compile/make from source

Sorry for the inconvenience, there was indeed an essential missing component to be fully workable. It had been now fixed, from the same URL as before. Kindest regards. On Wed, 4 Oct 2023 at 00:08, Mahendra Patil wrote: > > Downloaded all latest and tried but still error > > [root@govinda opt]#

Re: OCSP update restarts all proxies

On 10/4/23 05:34, Remi Tricot-Le Breton wrote: You just have to run the following commands : $ echo "update ssl ocsp-response " | socat /path_to_socket/haproxy.sock - When I do this, the update is successful and shows in the logfile created by rsyslogd ... but unlike when haproxy does the

Re: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Alexander, On Wed, Oct 04, 2023 at 12:56:07PM +, Stephan, Alexander wrote: > Can you find them if you search for the text that is shown in the archive? Not at all, not even in the spam logs :-( Please note that we've had a short outage from an haproxy core filling the whole FS ~10 days

RE: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

in the archive? If not, I can of course send them again. Best, Alexander -Original Message- From: Willy Tarreau Sent: Tuesday, October 3, 2023 11:27 AM To: Stephan, Alexander Cc: haproxy@formilux.org Subject: Re: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Re: OCSP update restarts all proxies

On 04/10/2023 03:05, Shawn Heisey wrote: On 10/3/23 01:33, Remi Tricot-Le Breton wrote: This command relies on the same task that performs the automatic update. What it does is basically add the certificate at the top of the task's update list and wakes it up. The update is asynchronous so we

Re: OCSP update restarts all proxies

On 10/3/23 01:33, Remi Tricot-Le Breton wrote: This command relies on the same task that performs the automatic update. What it does is basically add the certificate at the top of the task's update list and wakes it up. The update is asynchronous so we can't return a status to the CLI command.

Re: Error While deviceatlas compile/make from source

Downloaded all latest and tried but still error [root@govinda opt]# /opt/haproxy-ssl/sbin/haproxy -f /opt/haproxy-ssl/conf/haproxy.cfg [NOTICE] (28500) : haproxy version is 2.8.3-86e043a [NOTICE] (28500) : path to executable is /opt/haproxy-ssl/sbin/haproxy *[ALERT](28500) : config :

Re: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi Alexander, On Mon, Oct 02, 2023 at 10:22:17AM +, Stephan, Alexander wrote: > Hi, > > I am back from my vacation and I wanted to ask whether somebody has had the > chance to look at this. > A short ACK that the changes will be reviewed would be much appreciated. I'm sorry but I can't

Re: OCSP update restarts all proxies

On 30/09/2023 09:20, Shawn Heisey wrote: On 9/28/23 02:29, Remi Tricot-Le Breton wrote: That's really strange, the OCSP update mechanism does not have anything to do with proxies. Are you sure you did not have a crash and autorestart of your haproxy ? I did not think that I had autorestart

RE: [PATCH 0/4] Support server-side sending and forwarding of arbitrary PPv2 TLVs

Hi, I am back from my vacation and I wanted to ask whether somebody has had the chance to look at this. A short ACK that the changes will be reviewed would be much appreciated. Best, Alexander SAP SE Germany From: Stephan, Alexander Sent: Friday, September 15, 2023 6:39 PM To:

Re: haproxy.org bug pages broken (missing html headers and footer?)

On Sat, Sep 30, 2023 at 11:06:28PM +0200, Willy Tarreau wrote: > On Sat, Sep 30, 2023 at 10:19:05AM +, Mathias Weiersmüller wrote: > > Hi Willy,  > > > > > Argh, thanks for notifying us! Haproxy dev5 crashed leaving a huge core > > > that filled the FS (I hope it's complete, not checked yet),

Re: haproxy.org bug pages broken (missing html headers and footer?)

On Sat, Sep 30, 2023 at 10:19:05AM +, Mathias Weiersmüller wrote: > Hi Willy,  > > > Argh, thanks for notifying us! Haproxy dev5 crashed leaving a huge core > > that filled the FS (I hope it's complete, not checked yet), and the cron > > job that rebuilds the bugs page miserably failed as you

Re : haproxy.com : Need a digital marketing strategy in 2023

Hi *haproxy.com <http://haproxy.com>,* Greetings! I am sending this email to let you know that we are offering *SEO*, *website design, development, Re-design, Revamp, Logo Design* at *very competitive prices.* If *interested* then please get back to me. I would be happy to send you our

Re: OCSP update restarts all proxies

On 9/28/23 02:29, Remi Tricot-Le Breton wrote: That's really strange, the OCSP update mechanism does not have anything to do with proxies. Are you sure you did not have a crash and autorestart of your haproxy ? I did not think that I had autorestart for haproxy, but it turns out that the

Re: Error While deviceatlas compile/make from source

Hi Mahendra, sorry for late reply but you cam download a JSON from this page https://deviceatlas.com/deviceatlas-haproxy-module now they are compatible with the V3 api. Kind regards. On Wed, 20 Sept 2023 at 23:50, Mahendra Patil wrote: > *After installation haproxy not able to start , show

Re:@ My 2nd Reply @

hing that would like to upgrade, repair, or redesign your website. I am a web designer/developer that can do just about anything you can imagine at very affordable prices. Our Services:- ü Website Design, Re-Designing & Build New Websites ü Mobile App Development - Connect with customers

Re: OCSP update restarts all proxies

Hello, On 28/09/2023 00:30, Shawn Heisey wrote: The haproxy -vv output is at the end of this message. I got the built-in OCSP udpating mechanism working.  Works beautifully. Today I discovered that once an hour when the OCSP gets updated, haproxy stops all its proxies and starts them back

Re: [PATCH] MINOR: support for http-request set-timeout client

Le 27/09/2023 à 16:43, Vladimir Vdovin a écrit : Added set-timeout for frontend side of session, so it can be used to set custom per-client timeouts if needed. Added cur_client_timeout to fetch client timeout samples. Thanks Vladimir! The patch is merged now. -- Christopher Faulet

Re: haproxy.org bug pages broken (missing html headers and footer?)

Hi Lukas, On Wed, Sep 27, 2023 at 09:49:53PM +, Lukas Tribus wrote: > Hello, > > looks like the bug pages are broken; they contain the table of bugs > but there is really no formatting happening and it appears the entire > HTML header and footer is missing: > > Example: >

Re: haproxy.org bug pages broken (missing html headers and footer?)

Hello, And https://www.haproxy.org/bugs/index.html is an empty document. There is a link for it on haproxy.org home page (as Known bugs). Le 27/09/2023 à 23:49, Lukas Tribus a écrit : Hello, looks like the bug pages are broken; they contain the table of bugs but there is really no formatting

Re: [PATCH] MINOR: support for http-request set-timeout client

Sure it is too high, thought about this, but wanted to make less changes as possible) I will rework patch tomorrow. -- Vladimir > 26 сент. 2023 г., в 18:56, Christopher Faulet > написал(а): > > Le 25/09/2023 à 23:46, Vladimir Vdovin a écrit : >> Added set-timeout for frontend side of

Re: [PATCH] MINOR: support for http-request set-timeout client

Le 25/09/2023 à 23:46, Vladimir Vdovin a écrit : Added set-timeout for frontend side of session, so it can be used to set custom per-client timeouts if needed. Added cur_client_timeout to fetch client timeout samples. Thanks, it looks good. Number of arguments for cfg_parse_rule_set_timeout()

Re: [PATCH] MINOR: support for http-request set-timeout client

Thanks for your comments and help! Everything seems to be clear for me, so sending you fresh changes as one rebased/squashed commit. -- Vladimir Vdovin > 25 сент. 2023 г., в 11:20, Christopher Faulet > написал(а): > > Le 16/09/2023 à 06:19, Vladimir Vdovin a écrit : >> Added set-timeout for

RE: RE: RE: [PATCH] Added support for Arrays in sample_conv_json_query in sample.c

Method now returns the content of Json Arrays, if it is specified in Json Path as String. The start and end character is a square bracket. Any complex object in the array is returned as Json, so that you might get Arrays of Array or objects. Only recommended for Arrays of simple types (e.g.,

Re: RE: RE: [PATCH] Added support for Arrays in sample_conv_json_query in sample.c

Hello, On 25/09/2023 13:55, Jens Popp wrote: Method now returns the content of Json Arrays, if it is specified in Json Path as String. The start and end character is a square bracket. Any complex object in the array is returned as Json, so that you might get Arrays of Array or objects. Only

RE: RE: [PATCH] Added support for Arrays in sample_conv_json_query in sample.c

Method now returns the content of Json Arrays, if it is specified in Json Path as String. The start and end character is a square bracket. Any complex object in the array is returned as Json, so that you might get Arrays of Array or objects. Only recommended for Arrays of simple types (e.g.,

RE: [PATCH] Added support for Arrays in sample_conv_json_query in sample.c

Method now returns the content of Json Arrays, if it is specified in Json Path as String. The start and end character is a square bracket. Any complex object in the array is returned as Json, so that you might get Arrays of Array or objects. Only recommended for Arrays of simple types (e.g.,

Re: [PATCH] MINOR: support for http-request set-timeout client

Le 16/09/2023 à 06:19, Vladimir Vdovin a écrit : Added set-timeout for frontend side of session, so it can be used to set dynamically per-client timeouts if needed. Thanks ! It looks good. However I have few comments. First it could be good to add a sample fetch to retrieve the current

<    1   2   3   4   5   6   7   8   9   10   >