Re: apache proxy pass rules in HAproxy

" Well you need to point crsplabweb2.example.com to the haproxy IP that's the whole point of it running behind a proxy. Or am I missing something? " Well, I am not sure what you meant by that comment above. On Sun, Oct 28, 2018 at 8:07 PM Igor Cicimov wrote: > Well you

Re: apache proxy pass rules in HAproxy

Well you need to point crsplabweb2.example.com to the haproxy IP that's the whole point of it running behind a proxy. Or am I missing something? On Mon, Oct 29, 2018 at 1:28 PM Imam Toufique wrote: > Hi Igor, > > Thank you so much, I will definitely try your suggestions, but I am not &

Re: apache proxy pass rules in HAproxy

r # forward IP >>>>http-request set-header X-Forwarded-Port %[dst_port] >>>>http-request add-header X-Forwarded-Proto https if { ssl_fc } >>>>redirect scheme https if !{ ssl_fc } >>>>acl host_web3 path_beg /jhub >>>>use

Re: apache proxy pass rules in HAproxy

ce source >>>server crsplabweb1.domain.com publicIP:443 check ssl verify none >>> inter 2000 cookie w1 >>> >>> The above config gets me to the backend node -- where I have a >>> jupyterhub instance running + . Shibboleth SP running for authentication. >>&g

Re: apache proxy pass rules in HAproxy

- > *Von:* Imam Toufique > *Gesendet:* 27. Oktober 2018 19:06:50 MESZ > *An:* al-hapr...@none.at > *CC:* Igor Cicimov , haproxy < > haproxy@formilux.org> > *Betreff:* Re: apache proxy pass rules in HAproxy > > Hi Aleks, > Yes, I should

Re: apache proxy pass rules in HAproxy

Hi. Thanks for the infos. Have you also seen the other answers in the previous mail? Regards Aleks Ursprüngliche Nachricht Von: Imam Toufique Gesendet: 27. Oktober 2018 19:06:50 MESZ An: al-hapr...@none.at CC: Igor Cicimov , haproxy Betreff: Re: apache proxy pass rules

Re: apache proxy pass rules in HAproxy

Hi Aleks, Yes, I should have done last in my last email post. Sorry about that. haproxy version: [root@crsplabnet2 haproxy]# haproxy -vv HA-Proxy version 1.8.14-52e4d43 2018/09/20 Copyright 2000-2018 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC = gcc

Re: apache proxy pass rules in HAproxy

ode, > get SSL certs - so shibboleth authentication could be done.  I am sure > there is a better approach to this, but I don't know what it is.  I > will > be trying out SNAT to see if that will allow me to keep using my > private > IP for the backe

Re: CLI proxy for master process

Am 26.10.2018 um 18:10 schrieb Willy Tarreau: > On Fri, Oct 26, 2018 at 05:58:43PM +0200, Aleksandar Lazic wrote: >> BTW what's nb in "nb(thread|proc)"? >> >> [ ] No block >> [ ] never been >> [ ] real answer, something in french ;-): > > "NumBer" :-) Ah it could be so easy ;-) > This one is

Re: apache proxy pass rules in HAproxy

ou know how to do SNAT, please chime in, it would be >> worth the time/effort to try it out. >> >> Now, the interesting thing I have noticed with the above setup -- when I >> connect to HAProxy, let's say with https://proxy.domain.com , I >> authenticate with shibbol

Re: apache proxy pass rules in HAproxy

r the backend > nodes. If any of you know how to do SNAT, please chime in, it would be > worth the time/effort to try it out. > > Now, the interesting thing I have noticed with the above setup -- when I > connect to HAProxy, let's say with https://proxy.domain.com , I > authent

Re: apache proxy pass rules in HAproxy

://proxy.domain.com , I authenticate with shibboleth, and then the URL in the browser points to the backend node. For example: my proxy address: https://proxy.domain.com/jhub after I connect to the backend, the URL turns into - https://crsplabweb1.domain.com/jhub/tree? ...and everything works thereafter

Re: CLI proxy for master process

On Fri, Oct 26, 2018 at 05:58:43PM +0200, Aleksandar Lazic wrote: > BTW what's nb in "nb(thread|proc)"? > > [ ] No block > [ ] never been > [ ] real answer, something in french ;-): "NumBer" :-) This one is not derived from french, it's not like "option independant-streams" which I messed up

Re: CLI proxy for master process

On Fri, Oct 26, 2018 at 05:58:43PM +0200, Aleksandar Lazic wrote: > BTW what's nb in "nb(thread|proc)"? > > [ ] No block > [ ] never been > [ ] real answer, something in french ;-): [X] number :-) -- William Lallemand

Re: CLI proxy for master process

On Fri, Oct 26, 2018 at 05:41:12PM +0200, William Lallemand wrote: > The problem is that at the moment it's not possible to connect to the stats > socket of a process which is leaving. Sometimes it's really useful to debug > and > see the session which are still connected on the old process. And

Re: CLI proxy for master process

Hi, William. Am 26.10.2018 um 17:41 schrieb William Lallemand: > On Fri, Oct 26, 2018 at 05:13:00PM +0200, Aleksandar Lazic wrote: >> Hi William. >> >> Sorry for my lack of knowledge and my curiosity, you know I'm always curious >> ;-), but for which usecase can I use this feature? >> >> Best

Re: CLI proxy for master process

On Fri, Oct 26, 2018 at 05:13:00PM +0200, Aleksandar Lazic wrote: > Hi William. > > Sorry for my lack of knowledge and my curiosity, you know I'm always curious > ;-), but for which usecase can I use this feature? > > Best regards. > > Aleks > > Hi Aleks, With a nbproc setup, the first

CLI proxy for master process

This patch series implements a CLI on the master process. It's a work in progress but it is now in a usable state, so people might be interessed in testing it. The CLI on the master is organized this way: * The master process implements a CLI proxy which contains: - a listener for each

[PATCH 12/20] MEDIUM: cli: implement 'mode cli' proxy analyzers

This patch implements analysers for parsing the CLI and extra features for the master's CLI. For each command (sent alone, or separated by ; or \n) the request analyser will determine to which server it should send the request. The 'mode cli' proxy is able to parse a prefix for each command

[PATCH 17/20] MEDIUM: mworker: stop the master proxy in the workers

The master proxy which handles the CLI should not be used or shown in the stats of the workers. This proxy is now disabled after the fork. --- include/proto/cli.h | 3 +++ src/cli.c | 8 src/haproxy.c | 2 ++ 3 files changed, 13 insertions(+) diff --git a/include/proto

[PATCH 07/20] MEDIUM: mworker: proxy for the master CLI

This patch implements a listen proxy within the master. It uses the sockpair of all the workers as servers. In the current state of the code, the proxy is only doing round robin on the CLI of the workers. A CLI mode will be needed to know to which CLI send the requests. --- include/proto/cli.h

[PATCH 19/20] MEDIUM: cli: write a prompt for the CLI proxy of the master

if (s->pcli_next_pid == 0) + chunk_appendf(msg, "master> "); + else + chunk_appendf(msg, "%d> ", s->pcli_next_pid); + co_inject(oc, msg->area, msg->data); +} + /* The pcli_* functions are used for the CLI proxy in t

Re: apache proxy pass rules in HAproxy

icate my application. Since I can't set up the HA proxy node with >> shibboleth SP - I had to wrap my application in the backend with apache so >> I can pass REMOTE_USER to the application. the application I have is - >> jupyterhub and it start with its own proxy. Long story sh

Re: apache proxy pass rules in HAproxy

On Thu, 25 Oct 2018 6:13 pm Imam Toufique wrote: > so I almost got this to work, based on the situation I am in. To > elaborate just a bit, my setup involves a shibboleth SP that I need to > authenticate my application. Since I can't set up the HA proxy node with > shibbolet

Re: apache proxy pass rules in HAproxy

so I almost got this to work, based on the situation I am in. To elaborate just a bit, my setup involves a shibboleth SP that I need to authenticate my application. Since I can't set up the HA proxy node with shibboleth SP - I had to wrap my application in the backend with apache so I can pass

Re: apache proxy pass rules in HAproxy

s error: >> >> 500 : Internal Server Error >> >> Redirect loop detected. >> >> >> Not sure why I am getting this error. the application is jupyterhub , it >> runs OK with Apaches reverse proxy . >> > Try: > >server web1 10.1.100.

Re: apache proxy pass rules in HAproxy

okie w1 > > > I am running into a redirect loop , I cant login to the backend UI, i get > this error: > > 500 : Internal Server Error > > Redirect loop detected. > > > Not sure why I am getting this error. the application is jupyterhub , it > runs O

Re: apache proxy pass rules in HAproxy

Error Redirect loop detected. Not sure why I am getting this error. the application is jupyterhub , it runs OK with Apaches reverse proxy . On Tue, Oct 23, 2018 at 8:35 AM Aleksandar Lazic wrote: > Hi. > > Am 23.10.2018 um 09:04 schrieb Imam Toufique: > > I am looking for s

Re: apache proxy pass rules in HAproxy

Hi. Am 23.10.2018 um 09:04 schrieb Imam Toufique: > I am looking for some help on how to write the following apache proxypass  > rules > in HAproxy.  Not to mention I am at a bit of loss with my first try :-) .  > Here > are my current proxypass rules: > > ProxyPass

apache proxy pass rules in HAproxy

I am looking for some help on how to write the following apache proxypass rules in HAproxy. Not to mention I am at a bit of loss with my first try :-) . Here are my current proxypass rules: ProxyPass http://10.1.100.156:8000/jhub ProxyPassReverse http://10.1.100.156:8000/jhub

Re: HA-Proxy configuration

On Wed, 10 Oct 2018 at 07:08, anjireddy.komire...@wipro.com < anjireddy.komire...@wipro.com> wrote: > Hi Team, > > > I am looking for HA-Proxy configuration Help in over project, can i know > some one who can give more information on configuration using 2 different > HA-

Re: HA-Proxy configuration

: "anjireddy.komire...@wipro.com" Gesendet: 10. Oktober 2018 08:05:24 MESZ An: "haproxy@formilux.org" CC: "santhosh.pa...@wipro.com" Betreff: HA-Proxy configuration Hi Team, I am looking for HA-Proxy configuration Help in over project, can i know some one

HA-Proxy configuration

Hi Team, I am looking for HA-Proxy configuration Help in over project, can i know some one who can give more information on configuration using 2 different HA-Proxy servers for high availability. Feel free to contact me on - 9849916124 Regards, Anjireddy. The information contained

Re: HA Proxy Source IP Issue

times the application can support the PROXY protocol, you'll need to check whats possible -- https://www.haproxy.com/blog/haproxy/proxy-protocol/ was invented IIRC by Willy for haproxy, but it's really widespread now in other applications, as a generic non-HTTP-specific way of providing inbound I

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

On 08/28/2018 11:19 AM, Frederic Lecaille wrote: On 08/27/2018 10:46 PM, PiBa-NL wrote: Hi Frederic, Oliver, Hi Pieter, Thanks for your investigations :). I've made a little reg-test (files attached). Its probably not 'correct' to commit as-is, but should be enough to get a reproduction..

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

c:6716     si = (struct stream_interface *) 0x803077340     strm = (struct stream *) 0x803077000     res = (struct channel *) 0x803077070     rule = (struct act_rule *) 0x80242d5a0 ---Type to continue, or q to quit---     px = (struct proxy *) 0x8024c4400     hlua = (struct hl

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

On Tue, Aug 28, 2018 at 02:47:28PM +0200, Olivier Houchard wrote: > Ok you're right, I have a patch for that problem, which should definitively > be different from Pieter's problem :) > Willy, I think it's safe to be applied, and should probably be backported > (albeit it should be adapted, given

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

Hi, On Mon, Aug 27, 2018 at 03:26:50PM +0200, Frederic Lecaille wrote: [...] > > According to Pieter traces, haproxy has registered HTTP service mode lua > applets in HTTP mode. Your patch fixes a TCP service mode issue. > reg-test/lua/b1.vtc script runs both HTTP and TCP lua applets. But

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

On 08/27/2018 10:46 PM, PiBa-NL wrote: Hi Frederic, Oliver, Thanks for your investigations :). I've made a little reg-test (files attached). Its probably not 'correct' to commit as-is, but should be enough to get a reproduction.. I hope.. changing it to nbthread 1 makes it work every

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

On 08/27/2018 10:46 PM, PiBa-NL wrote: Hi Frederic, Oliver, Hi Pieter, Thanks for your investigations :). I've made a little reg-test (files attached). Its probably not 'correct' to commit as-is, but should be enough to get a reproduction.. I hope.. changing it to nbthread 1 makes it work

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

Hi Frederic, Oliver, Thanks for your investigations :). I've made a little reg-test (files attached). Its probably not 'correct' to commit as-is, but should be enough to get a reproduction.. I hope.. changing it to nbthread 1 makes it work every time..(that i tried) The test actually seems

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

with connect_ssl and haproxy running with nbthread 3.. results in haproxy hanging with 3 threads for me. This while using both 1.9-7/30 version (with the 2 extra patches from Olivier avoiding 100% on a single thread.) and also a build of today's snapshot: HA-Proxy version 1.9-dev1-e3faf02 2018/08/25 Below info

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

Using a lua-socket with connect_ssl and haproxy running with nbthread 3.. > > > results in haproxy hanging with 3 threads for me. > > > > > > This while using both 1.9-7/30 version (with the 2 extra patches from > > > Olivier avoiding 100% on a single thread.) and

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

-7/30 version (with the 2 extra patches from Olivier avoiding 100% on a single thread.) and also a build of today's snapshot: HA-Proxy version 1.9-dev1-e3faf02 2018/08/25 Below info is at the bottom of the mail: - haproxy -vv - gdb backtraces This one is easy to reproduce after just a few calls

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

he 2 extra patches from > Olivier avoiding 100% on a single thread.) and also a build of today's > snapshot: HA-Proxy version 1.9-dev1-e3faf02 2018/08/25 > > Below info is at the bottom of the mail: > - haproxy -vv > - gdb backtraces > > This one is easy to reproduce

Re: lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

On 08/25/2018 10:00 PM, PiBa-NL wrote: Hi List, Thierry, Olivier, Hi, Using a lua-socket with connect_ssl and haproxy running with nbthread 3.. results in haproxy hanging with 3 threads for me. If your configuration is simple do not hesitate to provide it. Perhaps we will be able to write

lua script, 200% cpu usage with nbthread 3 - haproxy hangs - __spin_lock - HA-Proxy version 1.9-dev1-e3faf02 2018/08/25

snapshot: HA-Proxy version 1.9-dev1-e3faf02 2018/08/25 Below info is at the bottom of the mail: - haproxy -vv - gdb backtraces This one is easy to reproduce after just a few calls to the lua function with the lua code i'm writing on a test-box.. So if a 'simple' config that makes

Re: WAF with HA Proxy.

Thanks Willy, It's solved. Now, checking further on configuring Rules. On Mon, Aug 13, 2018 at 2:32 PM, Willy Tarreau wrote: > On Mon, Aug 13, 2018 at 02:24:00PM +0530, DHAVAL JAISWAL wrote: > > /usr/local/src/modsecurity-2.9.1/hapmodeconfig/INSTALL/include/ > > Well, I'm sorry, I don't know

Re: WAF with HA Proxy.

On Mon, Aug 13, 2018 at 02:24:00PM +0530, DHAVAL JAISWAL wrote: > /usr/local/src/modsecurity-2.9.1/hapmodeconfig/INSTALL/include/ Well, I'm sorry, I don't know what type of help you expect by simply dumping a path like this. > ./modsecurity -h > > -bash: ./modsecurity: No such file or directory

Re: WAF with HA Proxy.

ity on HA Proxy server with the following > way. > > However, it throws error. > > > > https://fossies.org/linux/haproxy/contrib/modsecurity/README > > > > ./modsecurity.h -h > > You are sourcing a C include file. The README says "./modsecurity -h"

Re: WAF with HA Proxy.

On Mon, Aug 13, 2018 at 01:09:58PM +0530, DHAVAL JAISWAL wrote: > Trying to configure mod security on HA Proxy server with the following way. > However, it throws error. > > https://fossies.org/linux/haproxy/contrib/modsecurity/README > > ./modsecurity.h -h You are sourcin

Re: WAF with HA Proxy.

Trying to configure mod security on HA Proxy server with the following way. However, it throws error. https://fossies.org/linux/haproxy/contrib/modsecurity/README ./modsecurity.h -h ./modsecurity.h: line 1: /bin: Is a directory ./modsecurity.h: line 2: acmp.h: command not found

http-request set-src without PROXY protocol

Hi, i'm currently experimenting with "http-request set-src". When i use it in a backend with PROXY Protocol configured, it's working and the IP is written in the PROXY protocol header. But what does "set-src" do if no PROXY Procotol is used/can be used? Is the "http

Re: Possibility to modify PROXY protocol header

2018-07-31 17:56 GMT+02:00 James Brown : > I think if you use the `http-request set-src` directive it'll populate the > PROXY headers in addition to the internal logging > > On Fri, Jul 27, 2018 at 7:05 AM bjun...@gmail.com wrote: >> >> Hi, >> >> is there an

Re: Possibility to modify PROXY protocol header

I think if you use the `http-request set-src` directive it'll populate the PROXY headers in addition to the internal logging On Fri, Jul 27, 2018 at 7:05 AM bjun...@gmail.com wrote: > Hi, > > is there any possibilty to modify the client ip in the PROXY Protocol > header befor

Possibility to modify PROXY protocol header

Hi, is there any possibilty to modify the client ip in the PROXY Protocol header before it is send to a backend server? My use case is a local integration/functional testing suite (multiple local docker containers for testing the whole stack - haproxy, cache layer, webserver, etc.). I would

Re: Regarding HA proxy configuration with denodo

steps required or the configuration that need to > be done to connect HA proxy with the available denodo servers . HA proxy > should be able to connect either of the denodo server available . > Hello. This is the public mailing list for users of the open source haproxy tool. You would b

Regarding HA proxy configuration with denodo

We have two different denodo servers installed on two machines (LINUX) installed on AWS and one load balancer installed on one of those machines . Can you please provide the steps required or the configuration that need to be done to connect HA proxy with the available denodo servers . HA proxy

Re: Show: h-app-proxy – Application server inside haproxy

On Fri, 18 May 2018 16:30:46 +0200 Tim Düsterhus wrote: > Thierry, > > Am 18.05.2018 um 12:47 schrieb Thierry FOURNIER: > > Hi, > > > > This is a great usage of Lua. I add a link on my own blog: > > > >http://blog.arpalert.org/p/interesting-links.html > > Thank you!

Re: Show: h-app-proxy – Application server inside haproxy

Thierry, Am 18.05.2018 um 12:47 schrieb Thierry FOURNIER: > Hi, > > This is a great usage of Lua. I add a link on my own blog: > >http://blog.arpalert.org/p/interesting-links.html Thank you! Don't forget to fix the typo in your redis connection pool I mentioned in my mail. Best regards

Re: Show: h-app-proxy – Application server inside haproxy

Hi, This is a great usage of Lua. I add a link on my own blog: http://blog.arpalert.org/p/interesting-links.html Thierry On Sat, 12 May 2018 11:23:31 +0200 Aleksandar Lazic wrote: > Hi Tim. > > Am 11.05.2018 um 20:57 schrieb Tim Düsterhus: > > Hi list, > > > > I

Re: Show: h-app-proxy – Application server inside haproxy

Hi Tim. Am 11.05.2018 um 20:57 schrieb Tim Düsterhus: > Hi list, > > I recently experimented with the Lua API to check out it's capabilities > and wanted to show off the results: > > I implemented a very simple short URL service entirely in haproxy with > Redis as it's backend. No backend

Show: h-app-proxy – Application server inside haproxy

Hi list, I recently experimented with the Lua API to check out it's capabilities and wanted to show off the results: I implemented a very simple short URL service entirely in haproxy with Redis as it's backend. No backend service needed :-) Thanks to Thierry for his Redis Connection Pool

Re: WAF with HA Proxy.

Thank you for the feedback, although this is in fact a technical solution I never intended to offend anyone. I have submitted fixes to haproxy in the past but have not as you say responded to questions before this. thanks again for the feedback -mark On Wed, May 9, 2018 at 2:03 PM, Willy

Re: WAF with HA Proxy.

Mark, On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote: > For commercial purposes, see Signal Sciences Next Gen WAF solution: > https://www.signalsciences.com/waf-web-application-firewall/ Advertising for commercial products on an open source list is never welcome especially when such

Re: WAF with HA Proxy.

Signal Sciences Next Gen WAF solution: > > >> https://www.signalsciences.com/waf-web-application-firewall/ > > >> > > >> > > >> > > >> Mark Lakes > > >> Sr Software Engineer > > >> (555) 555- > > >&

Re: WAF with HA Proxy.

On Wed, 9 May 2018 21:10:48 +0100 Andrew Smalley wrote: > Hello Thierry > > Thank you for your response saying it is the SPOE engine that does > mod_security integration and not the almost correct SPOA that I said. No, you're right: SPOA is the Agent and the ModSec

Re: WAF with HA Proxy.

-web-application-firewall/ > >> > >> > >> > >> Mark Lakes > >> Sr Software Engineer > >> (555) 555- > >> Winner: InfoWorld Technology of the Year 2018 > >> > >> > >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL J

Re: WAF with HA Proxy.

Sure, note that it doesnt integrate with mod_security. It integrates with haproxy via a lua script and haproxy config that uses it. *Mark Lakes* Sr Software Engineer (555) 555- Winner: InfoWorld Technology of the Year 2018

Re: WAF with HA Proxy.

Hello Thierry Thank you for your response saying it is the SPOE engine that does mod_security integration and not the almost correct SPOA that I said. Can I ask how haproxy does the SSO with the SPOE/SPOA Engine? Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44

Re: WAF with HA Proxy.

Hi, I confirm: the modsecurity i done throught SPOE. The limitation are: The limit of the body size analysed is the size of HAProxy buffer (default 16kB, but for my own usage, I configure 1MB) The response is not analysed. BR, Thierry > On 9 May 2018, at 21:40, Andrew Smalley

Re: WAF with HA Proxy.

Hi Mark Actually as far as I understand the Haproxy implementation of mod_security integration is not with Lua but with SPOA https://www.haproxy.org/download/1.7/doc/SPOE.txt Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064

Re: WAF with HA Proxy.

RIght, via lua module it integrates with haproxy. -mark *Mark Lakes* Sr Software Engineer (555) 555- Winner: InfoWorld Technology of the Year 2018

Re: WAF with HA Proxy.

, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <dhava...@gmail.com> wrote: >>> >>> I am looking for WAF solution with HA Proxy. >>> >>> One which I come to know is with HA Proxy version 1.8.8 + mode security. >>> However, I feel its still on early stage

Re: WAF with HA Proxy.

On Wed, 9 May 2018 at 18:43, Mark Lakes wrote: > For commercial purposes, see Signal Sciences Next Gen WAF solution: > https://www.signalsciences.com/waf-web-application-firewall/ > That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it integrate with

Re: WAF with HA Proxy.

t; <https://www.facebook.com/SignalSciences/> > <https://twitter.com/signalsciences> > <https://www.linkedin.com/company/signal-sciences/> > > On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <dhava...@gmail.com> wrote: > >> I am looking for WAF solution with

Re: WAF with HA Proxy.

018 at 2:23 AM, DHAVAL JAISWAL <dhava...@gmail.com> wrote: > I am looking for WAF solution with HA Proxy. > > One which I come to know is with HA Proxy version 1.8.8 + mode security. > However, I feel its still on early stage. > > Any other recommendation for WAF with HA Proxy. > > > -- > Thanks & Regards > Dhaval Jaiswal >

WAF with HA Proxy.

I am looking for WAF solution with HA Proxy. One which I come to know is with HA Proxy version 1.8.8 + mode security. However, I feel its still on early stage. Any other recommendation for WAF with HA Proxy. -- Thanks & Regards Dhaval Jaiswal

Re: [bug] http-reuse and TCP mode warning when using PROXY protocol

Hello Louis, On Thu, Apr 26, 2018 at 02:07:50PM +0200, Louis Chanouha wrote: > Hello, > > I set a global http-reuse safe. > > HAProxy displays a warning for http-reuse and send-proxy combinaison on TCP > mode backends, but http-reuse is active only on HTTP mode backends.

[bug] http-reuse and TCP mode warning when using PROXY protocol

Hello, I set a global http-reuse safe. HAProxy displays a warning for http-reuse and send-proxy combinaison on TCP mode backends, but http-reuse is active only on HTTP mode backends. [WARNING] 115/135122 (26529) : config : proxy ' SMTPS_SUBMISSION' : connections to server 'f1' will have

Re: MINOR: proxy: Add fe_defbe fetcher

Hi Marcin, On Fri, Apr 13, 2018 at 03:41:18PM +0200, Marcin Deranek wrote: > Hi, > > New fetcher which adds ability to retrieve default backend name for > frontend. Should cleanly apply to both 1.8 & 1.9 branches. Now merged, thank you! Willy

Re: [PATCH] BUG/MINOR: http: Return an error in proxy mode when url2sa fails

On Mon, Apr 16, 2018 at 10:29:11AM +0200, Christopher Faulet wrote: > Here is a patch fixing an old bug in proxy mode, when you mix valid requests > (using an IP) with invalid ones (with a domain name for instance). > > With following configuration: > > listen test

[PATCH] BUG/MINOR: http: Return an error in proxy mode when url2sa fails

Hi, Here is a patch fixing an old bug in proxy mode, when you mix valid requests (using an IP) with invalid ones (with a domain name for instance). With following configuration: listen test mode http bind *: option http_proxy try to do: $> printf "

MINOR: proxy: Add fe_defbe fetcher

: Fri, 13 Apr 2018 14:37:50 +0200 Subject: [PATCH] MINOR: proxy: Add fe_defbe fetcher Patch adds ability to fetch frontend's default backend name in your logic, so it can be used later to derive other backend names to make routing decisions. --- doc/configuration.txt | 4 src/frontend.

Re: 答复: proxy error 502

e.com/a.pdf>is ok. 4.Haproxy tcp proxy is ok. 5. /[root@t08 haproxy-1.8.5]# haproxy -f /etc/haproxy/haproxy.cfg -d/// /Available polling systems :/ /  epoll : pref=300,  test result OK/ /   poll : pref=200,  test result OK/ / select : pref=150,  test result FAILED/

Re: proxy error 502

Hi Ricky, Works for me with your configuration, mostly. Adding a bind to the frontend and using haproxy 1.8.3 (it doesn't allow the implicit bind on the frontend line itself..). Also added the fastcgi config and a empty mimetype file.. [2.4.3-RELEASE][root@pfSe.localdomain]/root: haproxy -f

Re: Can HA-Proxy set an header when he "breaks" stick routing

gt;> >> >> To be very precise the feature I am looking for from HA-Proxy is that >> when HA-Proxy does a re-dispatch HA-Proxy also ads a Header, which will >> tell the server receiving the request from HA-Proxy that HA-Proxy has done >> a re-dispatch. This is the cri

Re: Can HA-Proxy set an header when he "breaks" stick routing

Hi, On Thu, Mar 22, 2018 at 6:24 PM, Gisle Grimen <gisle.gri...@evry.com> wrote: > Hi, > > > > Thank you for your response. > > > > To be very precise the feature I am looking for from HA-Proxy is that when > HA-Proxy does a re-dispatch HA-Proxy also ads a

Re: Can HA-Proxy set an header when he "breaks" stick routing

Hi, Thank you for your response. To be very precise the feature I am looking for from HA-Proxy is that when HA-Proxy does a re-dispatch HA-Proxy also ads a Header, which will tell the server receiving the request from HA-Proxy that HA-Proxy has done a re-dispatch. This is the critical feature

Re: Can HA-Proxy set an header when he "breaks" stick routing

Hi, On Wed, Mar 21, 2018 at 8:57 PM, Gisle Grimen <gisle.gri...@evry.com> wrote: > Hi, > > Il try to be more specific: > > The functionality I was looking for on HA-Proxy in connection with > sticky-routing is the following: > > Normal flow all servers up (this is

Re: Can HA-Proxy set an header when he "breaks" stick routing

Hi, Il try to be more specific: The functionality I was looking for on HA-Proxy in connection with sticky-routing is the following: Normal flow all servers up (this is functionality available today): 1. HA-Proxy receives a request 2. HA-Proxy checks the sticky table and determines

Re: [PATCH] support CRC32c for proxy protocol v2 (send, accept)

Hello, On Wed, Mar 21, 2018 at 5:09 AM, Willy Tarreau wrote: > OK patch now applied, thanks. Since you added a new hash algo, it could > be nice to create a "crc32c" converter to expose it to the configuration > as well. Could you please take a look at crc32 and do the same ? We

Re: Can HA-Proxy set an header when he "breaks" stick routing

rvers are based on > international standards as such we cannot add additional requirements to the > server sending the requests. As such we have to solve it within our > infrastructure. With a little help from HA-proxy you could then create very > efficient local caches on each node, but

Re: Can HA-Proxy set an header when he "breaks" stick routing

to the server sending the requests. As such we have to solve it within our infrastructure. With a little help from HA-proxy you could then create very efficient local caches on each node, but without we need complicated and resource intensive shared caches or databases. I hope this would

Re: [PATCH] support CRC32c for proxy protocol v2 (send, accept)

u please take a look at crc32 and do the same ? > About PROXYv2, it's now possible to extract all known TLV from varnish via > http://varnish-cache.org/docs/6.0/reference/vmod_proxy.generated.html#vmod-proxy-3 > > <http://varnish-cache.org/docs/6.0/reference/vmod_proxy.generated.ht

Re: [PATCH] support CRC32c for proxy protocol v2 (send, accept)

Hi Willy,Le 19 mars 2018 à 12:38, Willy Tarreau <w...@1wt.eu> a écrit :Hi Manu,On Mon, Feb 05, 2018 at 05:10:05PM +0100, Emmanuel Hocdet wrote:Hi,Series of patches to support CRC32c checksum to proxy protocol v2 header(as describe in "doc/proxy-protocol.txt »). add hash_crc32c fu

Re: [PATCH] support CRC32c for proxy protocol v2 (send, accept)

Hi Manu, On Mon, Feb 05, 2018 at 05:10:05PM +0100, Emmanuel Hocdet wrote: > Hi, > > Series of patches to support CRC32c checksum to proxy protocol v2 header > (as describe in "doc/proxy-protocol.txt ») > . add hash_crc32c function > . add « crc32c » option to proxy-v2-o

Re: Can HA-Proxy set an header when he "breaks" stick routing

Hi, On Fri, Mar 16, 2018 at 12:31:47PM +, Gisle Grimen wrote: > Hi, > > We are using HA-Proxy with sticky routing in front of our cluster. Is there a > way to get HA-Proxy to add or set an header on a forwarded request when > HA-Proxy "breaks" sticky routing i.e. wh

Can HA-Proxy set an header when he "breaks" stick routing

Hi, We are using HA-Proxy with sticky routing in front of our cluster. Is there a way to get HA-Proxy to add or set an header on a forwarded request when HA-Proxy “breaks” sticky routing i.e. when forwarding the request to another server then the one indicated in the sticky table? If so what

Re: [PATCH] support CRC32c for proxy protocol v2 (send, accept)

Hi Willy, Since patches "[PATCH] proxy-v2-options ssl-cipher,cert-sig,cert-key,authority » are merged, these could be considered. ++ Manu > Le 5 févr. 2018 à 17:10, Emmanuel Hocdet <m...@gandi.net> a écrit : > > Hi, > > Series of patches to support CRC32c checksum t

<    1   2   3   4   5   6   7   8   9   10   >