ually I'm used the write multiple patterns as \(pattern1\)\(pattern2\). So
> is it a different regex syntax?
>
> The other question - since I don't understand the above statement at all -
> what does it exactly do?
>
> With 2.4 the corresponding line was (instead of the replace-h
m used the write multiple patterns as \(pattern1\)\(pattern2\). So is
it a different regex syntax?
The regex of HAProxy is explained here.
http://docs.haproxy.org/2.8/configuration.html#7.1.4
In addition could be this part interesting for you.
Quoting and escaping http://docs.haproxy.o
I have the following line in my config:
backend website
http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ /opencms/\2
server www.mydomain.org 127.0.0.1:8080
Actually I'm used the write multiple patterns as \(pattern1\)\(pattern2\). So
is it a different regex syntax
payload length may
vary since the method is sent in plaintext. In order to allow this, the
regex now matches any payload length.
This partially fixes Github issue #1508 since user authentication is
still broken but should restore pre-2.2 behavior.
This should be backported up to 2.2.
Signed-off
payload length may
vary since the method is sent in plaintext. In order to allow this, the
regex now matches any payload length.
This partially fixes Github issue #1508 since user authentication is
still broken but should restore pre-2.2 behavior.
This should be backported up to 2.2.
Thanks
is sent in plaintext. In order to allow this, the
regex now matches any payload length.
This partially fixes Github issue #1508 since user authentication is
still broken but should restore pre-2.2 behavior.
This should be backported up to 2.2.
Signed-off-by: Fatih Acar
---
reg-tests/checks/pgsql
On Thu, Aug 13, 2020 at 06:17:15PM +0100, David CARLIER wrote:
> To be honest not huge improvement but relatively constant has it is
> set once per regex compilation.
Perfect, thanks, now merged.
Willy
To be honest not huge improvement but relatively constant has it is
set once per regex compilation.
On Thu, 13 Aug 2020 at 17:54, Willy TARREAU wrote:
>
> On Thu, Aug 13, 2020 at 05:30:49PM +0100, David CARLIER wrote:
> > In fact the jit match does less check than the normal ma
On Thu, Aug 13, 2020 at 05:30:49PM +0100, David CARLIER wrote:
> In fact the jit match does less check than the normal match and fits
> better when the regex code had been compiled with JIT. However the
> classic match call still works with JIT only it does more checks.
OK! did you ob
In fact the jit match does less check than the normal match and fits
better when the regex code had been compiled with JIT. However the
classic match call still works with JIT only it does more checks.
Regards.
On Thu, 13 Aug 2020 at 17:22, Willy TARREAU wrote:
>
> Hi David,
>
> On
Hi David,
On Thu, Aug 13, 2020 at 03:00:28PM +0100, David CARLIER wrote:
> Subject: [PATCH] CLEANUP/MEDIUM: regex: PCRE2 use JIT match when JIT
> optimisation occured.
>
> When a regex had been succesfully compiled by the JIT pass, it is better
> to use the related match, tha
Hi, here a little update proposal for the PCRE2 support.
Hope it s useful.
Cheers.
From f52735b133fff5c195a52a54623b556ecb58e22d Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Thu, 13 Aug 2020 14:53:41 +0100
Subject: [PATCH] CLEANUP/MEDIUM: regex: PCRE2 use JIT match when JIT
optimisation
all the instances of foo*, just the first one. (Maybe
I didn’t give the correct regex)
- Using regsub() with set-header. It can’t deal with commas.
- I thought of url-encoding the header, then using regsub(), and then
url-decoding it back using set-var variables, but there’s no url_enc
Hello Joao Guimaraes,
The following lines should accomplish what you described in your email:
acl is_main_site hdr(Host) -i www.mysite.com mysite.com
http-request set-var(req.scheme) str(https) if { ssl_fc }
http-request set-var(req.scheme) str(http) if !{ ssl_fc }
Am 21.01.2019 um 23:40 schrieb Joao Guimaraes:
> Hi Haproxy team!
>
> I've been trying to figure out how to perform automatic redirects based on
> source URL transformations.
>
> *Basically I need the following redirect: *
>
> mysite.*abc* redirected to *abc*.mysite.com .
Maybe you can
Hi Haproxy team!
I've been trying to figure out how to perform automatic redirects based on
source URL transformations.
*Basically I need the following redirect: *
mysite.*abc* redirected to *abc*.mysite.com.
Note that mysite.abc is not fixed, must apply to whatever abc wants to be.
*Other
From: Frédéric Lécaille
This patch makes at least this test pass on FreeBSD systems.
The regex to be matched with syslog message was too much Linux specific.
---
reg-tests/checks/s3.vtc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/reg-tests/checks/s3.vtc b/reg
Hi,
This patch fixes typos in the code comment of the regex subsystem.
Thanks,
Joseph
From 6944830de98bf005672546f113e3bf48537f277d Mon Sep 17 00:00:00 2001
From: Joseph Herlant
Date: Thu, 15 Nov 2018 14:46:29 -0800
Subject: [PATCH] CLEANUP: Fix typos in the regex subsystem
Fix typos
][a-z]).pdf \1\ /\2/404 if
needsredirect !ischina
redirect scheme https code 301 if needsredirect !ischina
```
The first 2 lines determine if we have to redirect which is the case if
`needsredirect` is TRUE and `ischina` is FALSE.
The third line does the regex on all headers and the fourth
After discussion with Willy I finally drop this change. Kind regards.
On 21 July 2017 at 08:23, Willy Tarreau wrote:
> On Fri, Jul 21, 2017 at 08:17:14AM +0100, David CARLIER wrote:
> > Hi Willy, fair points.
>
> I don't understand, this the patch still uses MALLOC/FREE.
>
> Willy
On Fri, Jul 21, 2017 at 08:17:14AM +0100, David CARLIER wrote:
> Hi Willy, fair points.
I don't understand, this the patch still uses MALLOC/FREE.
Willy
it;a=blob;f=src/memory.c;hb=HEAD#l198
>
> There wouldn't be any benefit in doing this because our pools are fixed
> size and are not compatible with a malloc() call by definition. Also,
> pcre will call malloc() while compiling the regex, which is normally
> not done at run time so there's
y definition. Also,
pcre will call malloc() while compiling the regex, which is normally
not done at run time so there's no benefit in trying to optimize for
performance during this stage. However I agree that instrumenting a
malloc() call is sometimes quite useful.
Willy
Hi Willy Tarreau,
Willy Tarreau wrote on 21.07.2017:
> Hi David,
> On Fri, Jul 21, 2017 at 07:36:37AM +0100, David CARLIER wrote:
>> Hi all,
>>
>> hopefully it will be revealed useful, in this patch, we re trying to use
>> the MALLOC/FREE macros since pcre* libraries are capable of overriding
Hi David,
On Fri, Jul 21, 2017 at 07:36:37AM +0100, David CARLIER wrote:
> Hi all,
>
> hopefully it will be revealed useful, in this patch, we re trying to use
> the MALLOC/FREE macros since pcre* libraries are capable of overriding
> internally memory management.
Given that the MALLOC and FREE
vne...@gmail.com>
Date: Fri, 21 Jul 2017 07:26:38 +0100
Subject: [PATCH] MINOR: regex: using allocators macros
Only pools use it at the moment, but since pcre
(via its global pcre_malloc/pcre_free) and pcre2
(via contexts) can override memory management functions
as well, we use here this possi
Hi Willy looks good to me thanks.
On 28 December 2016 at 11:54, Willy Tarreau wrote:
> Hi David,
>
> On Tue, Nov 22, 2016 at 11:11:09AM +0100, Willy TARREAU wrote:
>> Thanks, your patch looks pretty clean so I'm keeping it for 1.8.
>
> So I've merged it now. I had to slightly adapt
Hi David,
On Tue, Nov 22, 2016 at 11:11:09AM +0100, Willy TARREAU wrote:
> Thanks, your patch looks pretty clean so I'm keeping it for 1.8.
So I've merged it now. I had to slightly adapt the changes to regex.c
to report the option in "-vv" since I made some changes in this area
recently, but
I admit I did not spend time on this part, especially I did most of
the development on OpenBSD where pcre2 is compiled without jit support
(due to sljit W^X "policy violation", I believe a couple of security
oriented linux distros do the same ...), plus couple of quick tests on
ubuntu.
Small
Hi David,
On Mon, Nov 21, 2016 at 09:42:10PM +, David CARLIER wrote:
> Hi,
>
> this patch attempts to bring pcre2 support to address the fact that pcre2
> is installed more and more over pcre due to its security flaws. If
> accepted, it will be for 1.8, but I think somehow this is the good
21:25:58 +
Subject: [PATCH] MEDIUM: regex: pcre2 support
this adds a support of the newest pcre2 library,
more secure than its older sibling in a cost of a
more complex API.
It works pretty similarly to pcre's part to keep
the overall change smooth, except :
- we define the string class sup
Hello,
Am 28.10.2016 um 01:03 schrieb Willy Tarreau:
For the record: this has been fixed; and I also implemented the correct
"Built with PCRE" information. Haproxy 1.6.10 will contain those fixes.
~/haproxy-1.6$ git log --oneline v1.6.9.. | grep PCRE
dcdd2ae MINOR: show Built with PCRE
On Thu, Oct 27, 2016 at 05:43:38PM +0200, Lukas Tribus wrote:
> Hello,
>
>
> Am 08.09.2016 um 17:48 schrieb Lukas Tribus:
> >
> > > Means that haproxy -vv reported "Built with PCRE version" version
> > > wrong previously. That confused me.
> >
> > This returns the output of pcre_version() and
Hello,
Am 08.09.2016 um 17:48 schrieb Lukas Tribus:
Means that haproxy -vv reported "Built with PCRE version" version
wrong previously. That confused me.
This returns the output of pcre_version() and yes, the text should be
renamed to "Running with PCRE version", because the runtime
I would like to replaced some offsite links within the response body. I'm
trying to use:
rspirep findme REPLACED
Within the backend deceleration but it doesnt seem to firing, most of the
examples i have seen seems to be for heads and not body text.
Is this possible?
thanks
Hello Veiko,
Am 08.09.2016 um 13:11 schrieb Veiko Kukk:
Yes, turned out, build box had newer pcre installed (7 vs 8 major
version). Compiling pcre statically solved that error/problem.
Good to hear. If you link against a shared library, you will have to
make sure they match in major
❦ 7 septembre 2016 16:42 CEST, Veiko Kukk :
>> I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed
>> by haproxy 1.6.9. Any ideas, why?
>
> Another strange issue is that 1.6.9 shows:
> Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010
>
>
Am 07.09.2016 um 16:42 schrieb Veiko Kukk:
On 07/09/16 14:37, Veiko Kukk wrote:
I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed
by haproxy 1.6.9. Any ideas, why?
Another strange issue is that 1.6.9 shows:
Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010
On 07/09/16 14:37, Veiko Kukk wrote:
I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed
by haproxy 1.6.9. Any ideas, why?
Another strange issue is that 1.6.9 shows:
Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010
System does have openssl 1.0.1e-48.el6_8.1
Hi,
I tried to upgrade from 1.6.8 to 1.6.9, but found strange errors printed
by haproxy 1.6.9. Any ideas, why?
[ALERT] 250/112901 (12026) : parsing [/etc/haproxy/haproxy.cfg:57] :
'reqirep' : regular expression '^([^ :]*) /(.*)' : failed to compile
regex '^([^ :]*) /(.*)' (error=unknown
Greetings,
On 6/26/16 7:40 AM, k simon wrote:
> Hi, lists,
>I noticed that haproxy 1.6.5 hog the cpu periodiclly on FreeBSD 10
> with 800K-1M syscalls. I change the balance algo to "uri" and delete all
> the regular expressions can work around it. There maybe some bug with
> PCRE on
Hi, lists,
I noticed that haproxy 1.6.5 hog the cpu periodiclly on FreeBSD 10
with 800K-1M syscalls. I change the balance algo to "uri" and delete all
the regular expressions can work around it. There maybe some bug with
PCRE on FreeBSD or some bug in haproxy, but I can't confirm it.
And
use_backend %[req.hdr(host),lower]
On Thu, Jun 23, 2016 at 6:21 AM, Mildis wrote:
> Hi,
>
> I’m in the process of setting HAProxy as an HTTPS frontend switch to
> different backends.
> As I have 10+ different backends, I’d like to replace
>
> acl to-server1 hdr_beg(host) -i
Hi,
I’m in the process of setting HAProxy as an HTTPS frontend switch to different
backends.
As I have 10+ different backends, I’d like to replace
acl to-server1 hdr_beg(host) -i server1.domain.tld
acl to-server2 hdr_beg(host) -i server2.domain.tld
…
acl to-serverN hdr_beg(host) -i
Hi all,
I should be able to test this in our production setup a few days after I can
have an rpm ready with the patch we are running on rhel 6.x
Merci Cyril
---
Guillaume Bourque, B.Sc.,
Le 2015-11-24 à 16:58, Cyril Bonté a écrit :
> Hi all,
>
> I revive this thread.
Hi all,
I revive this thread.
Le 12/11/2015 09:59, Igor Cicimov a écrit :
On Thu, Nov 12, 2015 at 6:44 PM, Guillaume Bourque
> wrote:
Hi,
thanks for the suggestion but it did not work for me. I tried
Hi Cyril,
On Tue, Nov 24, 2015 at 10:58:47PM +0100, Cyril Bonté wrote:
> Currently, haproxy won't match an url parameter if its value is empty. I
> tend to think it should : an empty value is different from not providing
> the parameter at all.
>
> The function "find_next_url_param()" should
Hi all,
I’m not far but it does not work so any recommendation would be very helpfull
I just need some very simple redirect but after looking into aloa doc the happy
doc, I can’t find examples that could help me do this, okay I must admit I did
not sleep for the last 30 hours so that could
Hourra Aleks,
it’s working thanks a lot
I will try more in deep in a few hour but wanted to tank you as soon as I test
it
Again thanks
---
Guillaume Bourque, B.Sc.,
Le 2015-11-12 à 16:19, Aleksandar Lazic a écrit :
> Hi.
>
> Am 12-11-2015 21:16, schrieb Guillaume
Hi.
Am 12-11-2015 21:16, schrieb Guillaume Bourque:
Hi all,
I’m not far but it does not work so any recommendation would be very
helpfull
I just need some very simple redirect but after looking into aloa doc
the happy doc, I can’t find examples that could help me do this, okay
I must admit I
On Thu, Nov 12, 2015 at 6:44 PM, Guillaume Bourque <
guillaume.bour...@logisoftech.com> wrote:
> Hi,
>
> thanks for the suggestion but it did not work for me. I tried
>
>acl fr_top url_reg/?lang=
>acl fr_top url_reg
Hello Igor,
thanks a lot still not working
would I need to escape the =
> http-request redirect location /store code 301 if { capture.req.uri lang\= -m
> found }
Bye
---
Guillaume Bourque, B.Sc.,
Le 2015-11-12 à 03:59, Igor Cicimov a écrit :
>
>
> On
Hi all,
I can’t create an acl that will match this
http://domain/?lang=
I tried
acl fr_top path_reg^/.lang\=$
acl fr_top path_reg^/\?lang\=$
acl fr_toppath_beg/?lang\=$
I
On Wed, Nov 11, 2015 at 8:43 PM, Guillaume Bourque <
guillaume.bour...@logisoftech.com> wrote:
> Hi all,
>
> I can’t create an acl that will match this
>
> http://domain/?lang=
>
> I tried
>
> acl fr_top path_reg^/.lang\=$
> acl fr_top
Hi,
thanks for the suggestion but it did not work for me. I tried
acl fr_top url_reg/?lang=
acl fr_top url_reg/?lang=$
# off acl fr_topurlp_reg(lang\=$,?) -m found
# off acl fr_top
Hello Bryan
I’m running haproxy 1.5.4 and I can’t find any example on how to user req.uri
if you could give a examples on how to match a specific query to redirect to
another
From http://domain/pages/store.php?lang=fr to http://domain/store/
That would be great !
TIA
---
Guillaume
On 12/11/2015 5:30 PM, "Guillaume Bourque" <
guillaume.bour...@logisoftech.com> wrote:
>
> Hello Bryan
>
> I’m running haproxy 1.5.4 and I can’t find any example on how to user
req.uri if you could give a examples on how to match a specific query to
redirect to another
>
> From
It is possible to apply case function on substitution part of RegEx like that ?
Request Line:GET /JSicCaravaggio/jsic.css HTTP/1.1
repireq (\/JSic)([A-Za-z])([A-Za-z]*)\/ \/JSic\2\3\/
Following regex should match "/JSicCaravaggio/" case insensitive in 3 groups:
/1
Le 28 août 2015 06:31, Firman Gautama firman.gaut...@gmail.com a écrit :
Hello All,
I was just wondering what is the best way if we want to filter all
headers by certain regex to block invalid/malicious characters?
I read on the documentation, CMIIW, but the example there only shown if
we
I'm wondering, what kind of filter that already done automatically
by HAProxy as default? And how if I want to add extra 'regex' filter in the
HAProxy for incoming headers, for let say I only want to allow [a-Z0-9] for
example. (So I can make sure if the error msg still occurring that's mean
Hello All,
I was just wondering what is the best way if we want to filter all headers
by certain regex to block invalid/malicious characters?
I read on the documentation, CMIIW, but the example there only shown if we
know the specific header name.
Does anybody know how to filter all the http
support the regex you proviced for browser URL case ?
In your opinion who must manage this set-header X-Redirect-Url and
location headers ? the application level ?
Thank you
Roberto
-Original Message-
From: Cyril Bonté [mailto:cyril.bo...@free.fr]
Sent: lunedì 27 luglio 2015 20.35
No, you are right, as I told you I was wrong thinking Referer had to do with
the browser URL, I see only Referer in the header with wrong case, so I think
that.
It is only to understand haproxy regex match behavior so I've more control...
:D (but antislash before /demoj is not necessary
I wrote in the first mail I used 2 different regex. The (1) probably doesn't
match, but the (2) ?
(2) reqirep (.*)\/demoj(.*) \1/DemoJ\2
This regex match https://hostname, I'm Wrong ?
Roberto
-Original Message-
From: Cyril Bonté [mailto:cyril.bo...@free.fr]
Sent: martedì 28
:...
reqirep (.*)\/demoj(.*) \1/DemoJ\2
- applied to headers, this regex should match and subst correctly also
for Referer: I'm wrong ?
I get it to work using 2 different regex. The second matching statically
Referer...
reqirep
Hi again,
On 28/07/2015 09:42, mlist wrote:
I wrote in the first mail I used 2 different regex. The (1) probably doesn't
match, but the (2) ?
(2) reqirep (.*)\/demoj(.*) \1/DemoJ\2
This regex match https://hostname, I'm Wrong ?
Good news for you, at this step, no, you
.
No confusion to have, the documentation is right, but the regex you
provided in in previous mail was wrong for what you wanted to do : it
couldn't match the Referer value because it didn't expect a value
beginning with https://hostname.
--
Cyril Bonté
Hi Aleksandar,
I'm compiled with USE_PCRE=yes flag. At
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#4.2-reqirep
In the example
replace /static/ with / at the beginning of any request path.
reqrep ^([^\ :]*)\ /static/(.*) \1\ /\2
I changed the regex with this:
(1
. At
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#4.2-reqirep
In the example
replace /static/ with / at the beginning of any request path.
reqrep ^([^\ :]*)\ /static/(.*) \1\ /\2
I changed the regex with this:
(1) reqirep ^([^\ :]*)\ /demoj(.*) \1\ /DemoJ\2
Hi again,
Le 27/07/2015 19:48, Cyril Bonté a écrit :
Le 27/07/2015 17:06, mlist a écrit :
(...) he Browser URL often remain in wrong case.
I missed that point : if you wan't to change the browser url, reg(i)rep
won't do the job, you'll want a HTTP redirect response.
I tend to say that
Hi,
I'm testing some stuff with quite a big regex and now I am wondering
what would be more efficient. Is it more efficient to load the regex
with -i or is it better to specify it in the regex
So,
-i (some|words)
or
((S|s)(O|o)(M|m)(E|e)|(W|w)(O|o)(R|r)(D|d)(S|s))
Greets,
Sander
Hi Sander,
On Mon, Dec 01, 2014 at 02:34:26PM +0100, Sander Klein wrote:
Hi,
I'm testing some stuff with quite a big regex and now I am wondering
what would be more efficient. Is it more efficient to load the regex
with -i or is it better to specify it in the regex
So,
-i (some
Hi,
i would like to redirect the following urls with HAProxy:
www.example.at.prod.site.local - m.example.at
www.example.de.prod.site.local - m.example.de
.
.
.
.
apache mod_rewrite-rule:
RewriteCond %{HTTP_HOST} ^(www\.)?example\.([a-z]{2,3}).prod\.site\.local$ [NC]
RewriteRule ^/(.*)$
Thanks, that has cleared that up.
cheers
Chris
On 25 September 2013 16:15, Baptiste bed...@gmail.com wrote:
Hi Chris,
Here is what your configuration doing:
IF there is no 'www.' at the beginning of the Host header, then add it.
IF there is no 'www.' at the beginning of the Host header,
Hi,
To ensure a permanent IP we have a haproxy instance feeding AWS ELB to
a number of apache instances.
All of the vhosts are pinned to www.somedomain.com rather than
somedomain.com, though we have dns setup so that the endpoiont for
each domain and www.domain is the haproxy box.
What we need
Hi Chris,
Here is what your configuration doing:
IF there is no 'www.' at the beginning of the Host header, then add it.
IF there is no 'www.' at the beginning of the Host header, then
redirect the user to /url
Here is how HAProxy works: the request buffer is different from the
workspace where
Hi Baptise,
Thanks for the suggestion. The list of possible values is in 100s and I
would like to load balance on different machines while still keeping them
sticky. So, stick tables is the ideal solution. However, stick tables only
support pattern extractions which are limited to using full
On Thu, Feb 28, 2013 at 7:28 PM, Vivek Malik vivek.ma...@gmail.com wrote:
Hi,
I see that it is possible to haproxy sticky on a header value, path, query
parameter. It seems that haproxy does process the request URI to extract
query parameters. Is is possible to use stick tables with
on port 80 to keep them from being blocked by poorly configured
corp firewalls. To that end I was hoping I could accept connections with
HAProxy, read the uri, and rewrite to localhost:port_based_on_uri on the
fly using a bit of regex. If it were just 3-4 per server I'd leave it as
above
On 1/12/2012 12:38 PM, Willy Tarreau wrote:
But clearly if you want to map specific URL prefixes to specific servers,
at one point you need to establish this mapping and I don't see how to
simplify it further. Also I'd say that 40 lines is not *that* dramatic,
I've already seen multi-megabytes
. To that end I was hoping I could accept connections with
HAProxy, read the uri, and rewrite to localhost:port_based_on_uri on the
fly using a bit of regex. If it were just 3-4 per server I'd leave it as
above, but it's closer to 40 or so per server with the content system
scheduling to different servers
Running the latest 1.3.x and have several reqrep lines in my config. No
issues with rewriting /foo/(.) but I just want to rewrite:
/foo to /fubar/foo
and the regex that I *think* should work is not doing the job.
Any help appreciated.
-dave
On Wed, Aug 05, 2009 at 12:08:12PM -0400, Dave Pascoe wrote:
Running the latest 1.3.x and have several reqrep lines in my config. No
issues with rewriting /foo/(.) but I just want to rewrite:
/foo to /fubar/foo
and the regex that I *think* should work is not doing the job.
Any help
83 matches
Mail list logo