[SPAM] 15 euros offerts pour trouver le cadeau idéal

[ Profitez de votre offre pour trouver le cadeau idéal ]( http://r.journaldujour.fr/2vdiyd6r1actsbd.html ) | Vous recevez mes news car vous vous êtes abonnés à RV [ ]( http://r.journaldujour.fr/2vdiyd6rtqctsbd.html ) [ ]( http://r.journaldujour.fr/2vdiyd6sm6ctsbd.html ) [ ](

Re: [SPAM] Visibility on tune.ssl.cachesize

On Wed, Dec 2, 2015 at 3:14 PM, Olivier Doucet wrote: > Hello all, > > I see parameter tune.ssl.cachesize with default value of 2 > > But today, I have no idea how much of this cache I'm actually using, and I > fail to find any information about it. Is there a way to know

Re: Can HAProxy be setup to limit outbound requests to specific external service providers?

On Wed, Dec 2, 2015 at 7:01 PM, John Pingel wrote: > Willy, Thierry, and all: > > My employer uses an external service provider that requires that we do not > over use their services.So, I need to use HAProxy to help throttle/limit > the max number of user connections

Re: [PATCH 1/3] BUG/MEDIUM: checks: email-alert not working when declared in defaults

On Fri, Dec 04, 2015 at 03:07:06AM +0100, Cyril Bonté wrote: > Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when > they were declared in the defaults section. This is due to the use of an > internal attribute which is set once an email-alert is at least partially >

Re: [PATCH] wrong calloc call

On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote: > HI all, > > there is it is a small patch which fix a wrong calloc call, I think. Both are technically equivalent since calloc multiplies the two members, but you're perfectly right and seeing them reversed is at least confusing. I

Why does this config snippet fail

Hi all, I'm using this snippet in the config of version 1.5.14 of haproxy: http-request redirect location https://www.domain.%[req.fhdr(accept-language),lower,language(de-at;de-ch,de),map(/etc/haproxy/language-map.txt,de)]/ code 301 As soon as there is NO Accept-Language-Header in the request

Fwd: Re: [squid-users] intercepting traffic

i am looking to setup a transparent intercepting proxy, where i use iptables to DNAT traffic on port 80 and redirect it to HAProxy and in turn load balance to Squid for fulfillment. the DNAT to HAProxy works and the load balance to Squid works, but Squid sees the request without the correct

Re: Re: CPU 100% when waiting for the client timeout

Hi Baiyang, On Thu, Dec 03, 2015 at 06:44:29PM +0800, baiyang wrote: > Hi Willy, > > It's a peaceful week, I think the root of the bug has been exactly located to > "timeout client-fin" and "timeout server-fin" options. Great, thanks for your encouraging feedback! I'm glad it worked in the end!

question haproxy 1.5

Hi, I have HAPROXY in front of servers backend which are load balanced. So, in https, we have only one address where the front https haproxy listen : bind :443. And we have some clients for which, we only pass-through the traffic, so we use the mode tcp . Frontend https-tcp-in Mode tcp

stick table replication problem

Hi, We just had a strange replication problem on our staging environment. We have 2 HAproxy servers. They were running for 2 weeks now. At the beginning, I checked that the stick tables were properly synced. Today, stick tables were not synced, for example : root@proxy1>: echo "show table

DOC: Edited 51Degrees section of README.

Hi, Attached is a patch with an edit to the information in the README regarding 51Degrees installation and configuration. Ben. This email and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not

Re: Re: CPU 100% when waiting for the client timeout

Hi Willy, It's a peaceful week, I think the root of the bug has been exactly located to "timeout client-fin" and "timeout server-fin" options. Thanks :-) -- Best Regards BaiYang baiy...@gmail.com http://baiy.cn < END OF EMAIL > From: Willy Tarreau Date: 2015-11-26

enabling cpu-map

Hi, I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but am getting the error: 'cpu-map' is not enabled, please check build options for USE_CPU_AFFINITY I understand from this that I need to recompile with some different options, but could anyone point me in the direction of

RE: SSLv2Hello is disabled

-Original Message- From: Lukas Tribus [mailto:luky...@hotmail.com] Sent: Wednesday, December 02, 2015 4:42 PM To: Cohen Galit; Igor Cicimov Cc: HAProxy Subject: RE: SSLv2Hello is disabled Hi Galit, > I want to emphasize that the following test succeeded: > > [root@proxy-au51

Get haproxy to listen only on the public IP

Is there any way to get haproxy to listen only on the public IP, other than by specifying the IP? I dont want this to listen on the loopback.

Re: [CLEANUP]: silencing warning in dumpsters

On Wed, Nov 18, 2015 at 06:18:19AM +, David CARLIER wrote: > Hi all, > > this should be a harmless patch in order to silence the compiler > warning in some operating systems regarding time_t / printf format > specifier. Applied, thanks David. Willy

Re: enabling cpu-map

Looks like I might have messed something up with the original compilation (since my target is showing as custom). I'll go back and take a look at the procedure I used. Thanks. >From -vv : Build options : TARGET = custom CPU = native CC = gcc CFLAGS = -O2 -march=native -g

Re: Multiproc balance

On 02/12/2015 01:35 μμ, Stefan Johansson wrote: > Hello, > > the usage is based on session rate (i.e the percentage I listed, those are > the approximate session rates per haProxy process). The CPU% of the > respective core mirrors this as well (nothing else running on those cores >

Re: [PATCH]: BUG/MEDIUM: da

On Wed, Dec 02, 2015 at 12:21:52PM +, David Carlier wrote: > HI all, > > another patch to fix an use case when the attended HTTP header by the > convertor is not found, either by Haproxy req*del modifiers or even just > the web browser, hence avoiding a segfault. > > Please cc

Re: [PATCH] wrong calloc call

True. This day I spent a lot of time doing a lot of calloc call writing hence that is probably why it caught my eyes in first place :) thanks. On 3 December 2015 at 10:33, Willy Tarreau wrote: > On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote: >> HI all, >> >> there

RE: Get haproxy to listen only on the public IP

Hi Unkown User! > Is there any way to get haproxy to listen only on the public IP, other  > than by specifying the IP?  > I dont want this to listen on the loopback.  Use the interface keyword: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-interface Regards, Lukas

Re: enabling cpu-map

❦ 3 décembre 2015 08:59 +0100, SL  : > I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but > am getting the error: > > 'cpu-map' is not enabled, please check build options for > USE_CPU_AFFINITY > > I understand from this that I need to recompile with some

Re: [PATCH] MINOR: DeviceAtlas slight update

On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote: > Hi all, > > Here it is a slight change, the DeviceAtlas module logging is silented by > default. > Also via the -vv flag, the DeviceAtlas support should be displayed. Applied, thanks! Willy

Re: stick table replication problem

Hi Sylvain, On Thu, Dec 03, 2015 at 12:05:02PM +0100, Sylvain Faivre wrote: > Hi, > > We just had a strange replication problem on our staging environment. > We have 2 HAproxy servers. They were running for 2 weeks now. > At the beginning, I checked that the stick tables were properly synced. >

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote: > Hello all, > > I¹ve written up Willy and Emeric¹s proposal and it seems to test fine, at > least from a functionality standpoint. > > I would appreciate it if interested parties would beat on this harder than > I did to work out kinks. > > To

Re: [PATCH] MINOR: DeviceAtlas slight update

Hi Guys , how do unsubscribe :) Thanks Alex > On Dec 3, 2015, at 2:35 AM, Willy Tarreau wrote: > > On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote: >> Hi all, >> >> Here it is a slight change, the DeviceAtlas module logging is silented by >> default. >> Also via

Re: question haproxy 1.5

Hi Alain, On Thu, Dec 03, 2015 at 12:14:20PM +, Labedan, Alain wrote: > > Hi, > > I have HAPROXY in front of servers backend which are load balanced. > > So, in https, we have only one address where the front https haproxy listen > : bind :443. > And we have some clients for which, we

RE: SSLv2Hello is disabled

Hi, > I'll try to pack again the OpenSSL files (must work with rpm) from > original repository and will let you know. Thanks. Ok, but first try the other proposal (takes less time): >> Should I just add to haproxy.cfg the following? >> force-tlsv10 > > Yes, you can try: > > global >

Re: [PATCH] MINOR: DeviceAtlas slight update

Hi Alex, On Thu, Dec 03, 2015 at 05:32:16AM -0800, Alex wrote: > Hi Guys , how do unsubscribe :) As indicated on the site, by sending an e-mail to : haproxy+unsubscr...@formilux.org but I've done it for you right now. Best regards, Willy

Re: DOC: Edited 51Degrees section of README.

On Thu, Dec 03, 2015 at 10:43:56AM +, Ben Shillito wrote: > Hi, > > Attached is a patch with an edit to the information in the README regarding > 51Degrees installation and configuration. Applied to 1.7 and 1.6, thanks Ben. Willy

PCB manufacturer of Prototype, Small volume and Medium volume

Dear Sir / Madam , Good day. I'm Agnes from HMX Electronic, a professional PCB manufacturer of Prototype, Small volume and Medium volume orders with the certificates of UL, ISO9001, and RoHs. Our factory highlights as below: 1, High Quality and Technology Capability We process the

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hey Emeric, I’m in the process of cleaning up the patches, indentation and style so I’ll post up another set to the mailing list as Willy suggested. -Dave On 12/3/15, 9:56 AM, "Emeric Brun" wrote: >On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote: >> Hello all, >> >> I¹ve

RE: SEGFAULT in in buffer_insert_line2

Hi Bernd, Willy, > Hello, > > im getting segfault, it happens on 1 of ~500 million requests that are > processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems > updated, crash stayed). > > If you need more informations, let me know. > > Thank You. > > Trace: > (gdb) thread apply all bt

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hey Willy On 12/3/15, 1:40 AM, "Willy Tarreau" wrote: >I didn't understand what you meant with this last sentence, it sounds like >there could be multiple default contexts which are more or less randomly >chosen so that confuses me. Sorry if that was confusing. I was merely trying

Re: stick table replication problem

On Thu, Dec 03, 2015 at 03:56:45PM +0100, Sylvain Faivre wrote: > According to our logs, both HAproxy processes were started at Nov 24 > 11:25:xx and application errors caused by lack of session replication > started happenning at Dec 1 17:05:35 > So that's a bit more than 1 week later. > >

SEGFAULT in in buffer_insert_line2

Hello, im getting segfault, it happens on 1 of ~500 million requests that are processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems updated, crash stayed). If you need more informations, let me know. Thank You. Trace: (gdb) thread apply all bt full Thread 1 (Thread

RE: SSLv2Hello is disabled

Already did. Unfortunately same error in servers -Original Message- From: Lukas Tribus [mailto:luky...@hotmail.com] Sent: Thursday, December 03, 2015 3:36 PM To: Cohen Galit Cc: HAProxy Subject: RE: SSLv2Hello is disabled Hi, > I'll try to pack again the OpenSSL files (must

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hey Willy On 12/3/15, 1:34 PM, "Willy Tarreau" wrote: > >I'm sorry but I'm missing something. In which case could we have the >choice >between multiple SSL_CTX ? My understanding is that if the SNI is not >found >in the list, we currenlty fall back to the default cert. Now the

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu) wrote: > Hey Bryan. > > I noticed that you gave HAProxy a directory. You have to give it the name > of the cert instead of the directory. > > So your config should be: > > bind :8443 ssl crt ./var/tls/localhost.pem > > > I

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Another odd thing is that both certs are loaded even if the ECC cert doesn't have the proper name. In my testing with a bind line of bind :8443 ssl crt ./var/tls/localhost.pem the ECC cert is loaded if it is in that directory no matter what the file name is. -Bryan On Thu, Dec 3, 2015 at

Re: lua authentication

Thats exactly what I am wanting to code, I just need an example of how to do auth, like userlist, inside of lua. - Original Message - From: "Igor Cicimov" To: "Grant Haywood" Cc: "HAProxy" Sent: Thursday,

Re: lua authentication

Hi Grant, On Fri, Dec 4, 2015 at 7:46 AM, Grant Haywood wrote: > Hello, > > I was wondering if there is a basic example of using lua to do > authentication? > > I am specificaly interested in constructing 'ldap' and 'jwt' versions of > the 'userlist' block > > thx in

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hey Bryan. I noticed that you gave HAProxy a directory. You have to give it the name of the cert instead of the directory. So your config should be: bind :8443 ssl crt ./var/tls/localhost.pem -Dave From: Bryan Talbot > Date: Thursday,

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hi Dave. I've applied the patches but things are not working as I expected. It could be that my expectations are incorrect though. I'm expecting that with two (ECC and RSA) self-signed testing certificates deployed with the haproxy config shown below that ECC capable clients will connect and use

NAHB International Builders' Show 2016

Hello, I see that you are one of the promising exhibitors at NAHB International Builders' Show JAN 19-21, 2016. I am wondering if you are interested in acquiring the potential Attendees List for this event which you can leverage for your pre and post event campaigns. Each record in our database

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hey Emeric, On 12/3/15, 9:56 AM, "Emeric Brun" wrote: > >But i notice some inconsistencies. > >Patch2 (crt conf keywoard): >If the file without key extension is present, this file is loaded but >also the multi_load is called. > >However in Patch3 (crt-list) >If the file

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hi Dave, On Thu, Dec 03, 2015 at 05:36:36PM +, Dave Zhu (yanbzhu) wrote: > On 12/3/15, 1:40 AM, "Willy Tarreau" wrote: > > >I didn't understand what you meant with this last sentence, it sounds like > >there could be multiple default contexts which are more or less randomly >

Re: Email checks in defaults section

Hi Sylvain and Tommy, Le 30/11/2015 10:34, Sylvain Faivre a écrit : On 11/01/2015 06:34 PM, Tommy Atkinson wrote: I want to enable email alerts for all my backends so I added the "email-alert" options to the defaults section and a mailers section at the top level. The documentation indicates

[PATCH 2/3] BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured

A segfault can occur during at the initialization phase, when an unknown "mailers" name is configured. This happens when "email-alert myhostname" is not set, where a direct pointer to an array is used instead of copying the string, causing the segfault when haproxy tries to free the memory. This

[PATCH 3/3] BUG/MINOR: checks: typo in an email-alert error message

When the email alert message couldn't be formatted, the logged error message said the contrary. This fix must be backported to 1.6. --- src/checks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index e77926a..bc7eaa7 100644 --- a/src/checks.c

[PATCH 1/3] BUG/MEDIUM: checks: email-alert not working when declared in defaults

Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when they were declared in the defaults section. This is due to the use of an internal attribute which is set once an email-alert is at least partially configured. But this attribute was not propagated to the current proxy

Error when using an IPv6 link-local address as backend

Hi, All my backend servers are connected to a private, IPv6-only network. When I'm trying to use their addresses in "server" directive, HAProxy fails to connect to them. Here's some configurations I've tried (fe80::ec4:7aff:fe59:91dd = backend server, fe80::ec4:7aff:fe6c:4a89 = haproxy): server

SSL handshake failure when using "send-proxy" on HTTPS backend

Hi, I have two backends named "nginx-http" and "nginx-https": the first one handle HTTP connections, the second one HTTPS connections. The proxy protocol works successfully on nginx-http backend: server server1 10.0.80.1:8080 send-proxy check check-send-proxy fall 3 inter 2s weight 10 But the

Re: what's the difference between rspdel and http-response del-header

On Wed, Dec 2, 2015 at 8:50 PM, Ruoshan Huang wrote: > hi, > I’m a confused about the difference between `rspdel` and > `http-response del-header`. if all I want is to delete a hdr of plain text > instead of regular expression, does `http-response del-header` perform