Hi,
> Le 27 nov. 2019 à 03:46, Willy Tarreau a écrit :
>
>> @@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf,
>> struct ssl_bind_conf *ssl_
>> NULL);
>>
>> if (ecdhe == NULL) {
>> +#if defined(SSL_CTX_set_ecdh_auto)
>>
Le 27/11/2019 à 04:03, Willy Tarreau a écrit :
On Wed, Nov 27, 2019 at 12:31:48AM +0100, Lukas Tribus wrote:
That said, I'm not sure this was really the intention of the change in
question (commit 531b83e03 "MINOR: h1: Reject requests if the
authority does not match the header host"). Christophe
Hi there,
Hope you're well.
I recently saw your site and I thought it would be the perfect destination
for a link back to my clients website, please let me know if you would be
interested in posting a do-follow link, weather that is in an existing
article or a brand new article my content team ca
Le 26/11/2019 à 12:56, William Dauchy a écrit :
we were decoding all substring and then parsing; this could lead to
consider & and = in decoding result as delimiters where it should not.
this patch reverses the order by first parsing and then decoding each key
and value separately.
we also stop
Le 27/11/2019 à 11:59, Christopher Faulet a écrit :
Le 27/11/2019 à 04:03, Willy Tarreau a écrit :
On Wed, Nov 27, 2019 at 12:31:48AM +0100, Lukas Tribus wrote:
That said, I'm not sure this was really the intention of the change in
question (commit 531b83e03 "MINOR: h1: Reject requests if the
a
On Wed, Nov 27, 2019 at 02:30:31PM +0100, Christopher Faulet wrote:
> It was merged. I amended your patch to fix 2 issues. The fixes were minor,
> so I preferred to not bother you with that. First, when the scope value is
> tested, we must first be sure it is defined to not dereference a null
> poi
Signed-off-by: Julien Pivotto
---
doc/configuration.txt | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 7e5ecd881..787f77988 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -64,6 +64,12 @@ Summa
Dear list!
We use HAProxy in TCP Mode for non-HTTP protocols.
The request of one particular protocol looks like this:
- length of message (binary value, 4 bytes long)
- binary part (40-200 bytes)
- XML part
Goal: We want to use a particular backend when the XML part of the request
c
Patches update, should address William’s comments.
0001-MINOR-ssl-deduplicate-ca-file.patch
Description: Binary data
0002-MINOR-ssl-compute-ca-list-from-deduplicate-ca-file.patch
Description: Binary data
0003-MINOR-ssl-deduplicate-crl-file.patch
Description: Binary data
[1] is a project I've contributed to because I needed to compile RPMs for
Amazon Linux and the RHEL/CentOS versions didn't quite work correctly. I liked
it because it made the process super simple and took care of most of the
dependencies.
It also includes support for RHEL8 and Amazon Linux 2 a
Dear List
for one project I put an HAProxy HTTPS frontend in front of two backends
currently containing a single server each.
The nginx backend sits in front of a PHP application with a small number
of workers. Because HAProxy handles queuing better than nginx I limited
the nginx server to maxcon
Dear HAProxy Community,
We are upgrading from 2.0.9 to 2.1.0. Accordingly, we have to replace:
.reqirep with http-request and
.resprep with http-response.
We are getting the following two errors.
Error 1: 'http-request replace-header' expects exactly 3 arguments.
Hi Tim,
On Wed, Nov 27, 2019 at 08:21:19PM +0100, Tim Düsterhus wrote:
> Dear List
>
> for one project I put an HAProxy HTTPS frontend in front of two backends
> currently containing a single server each.
>
> The nginx backend sits in front of a PHP application with a small number
> of workers.
Hi Marco,
On Wed, Nov 27, 2019 at 08:38:03AM +0100, Marco Corte wrote:
> Hello!
>
> I see a strange behaviour of the DNS resolution on version 2.0.9 and 2.0.10,
> but I do not know since when this happens.
>
> On Ubuntu 18.04, I set up haproxy to use the local DNS service provided by
> systemd.
Willy,
Am 27.11.19 um 22:20 schrieb Willy Tarreau:
>> a) Is it 50 in-flight requests over a possibly smaller number of HTTP/2
>> connections? (requests <= 50)
>
> Yes that's it. Since we've started to support server-side keep-alive
> in 1.5, the maxconn setting really sets the limit to the number
Hi.
Nov 27, 2019 9:38:35 PM Coscend@HAProxy :
>
> Dear HAProxy Community,
>
>
>
> We are upgrading from 2.0.9 to 2.1.0. Accordingly, we have to replace:
>
> · reqirep with http-request and
>
> · resprep with http-response.
>
>
>
> We are getting the following two errors.
>
> Error 1: 'http-requ
Hemant,
Am 27.11.19 um 21:37 schrieb Coscend@HAProxy:
> 2.0.9 config line that worked:
>
> reqirep ^([^\ ]*)\ /CoscendP/*([^\ ]*)\ (.*)$ \1\ /\2\ \3
>
> rspirep ^(Location:)\ (https?://([^/]*))/(.*)$Location:\
> /CoscendP/\3
>
> Corresponding 2.1.0 config line that gives erro
Hemant,
Sorry, I forgot to adjust the capturing groups. There is an off-by-one
in my examples.
Am 27.11.19 um 22:39 schrieb Tim Düsterhus:
> http-request replace-uri ^/CoscendP/*([^\ ]*)\ (.*)$ \1\ /\2\ \3
This should read:
http-request replace-uri ^/CoscendP/*([^\ ]*)\ (.*)$ /\1\ \2
> http-re
Aleks,
Am 27.11.19 um 22:36 schrieb Aleksandar Lazic:
> This should be replace-uri
> http://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-http-request%20replace-uri
>
> I would try this.
> http-request replace-uri /CoscendP/*([^\ ]*)\ (.*)$ /\2\ \3
>
>
>> http-response replace-head
`eb` being tested above, `res` cannot be null, so the condition is
not needed and introduces potential dead code.
also fix a typo in associated comment
This should fix issue #349
Reported-by: Илья Шипицин
Signed-off-by: William Dauchy
---
src/dns.c | 7 +--
1 file changed, 1 insertion(+),
Hello,
On Wed, Nov 27, 2019 at 10:25 PM Willy Tarreau wrote:
>
> Hi Marco,
>
> On Wed, Nov 27, 2019 at 08:38:03AM +0100, Marco Corte wrote:
> > Hello!
> >
> > I see a strange behaviour of the DNS resolution on version 2.0.9 and 2.0.10,
> > but I do not know since when this happens.
> >
> > On Ubu
Hi team,
Sorry to bother you again but according to CVE-2019-18277 it says A flaw was
found in HAProxy before 2.0.6. So request you to please confirm whether all
versions which is before 2.0.6 are Vulnerable.
Regards,
Anurag
-Original Message-
From: APCoE Product Notifications
Sent:
Hi Lukas,
On Wed, Nov 27, 2019 at 11:53:03PM +0100, Lukas Tribus wrote:
> > If it bothers you (I don't really see why), you can increase the "inter"
> > value on your servers to check them less often and as such refresh their
> > address less often.
>
> You can configure "hold valid " to configur
On Wed, Nov 27, 2019 at 10:35:27PM +0100, Tim Duesterhus wrote:
> Find attached a patch that (hopefully) clarifies the behavior in the
> documentation. Feel free to rephrase the new paragraph in case I said
> something
> incorrect.
It's correct, now applied. Thank you!
Willy
Hi
I'm so excited that HAProxy supports FastCGI, I would like to try this in our
development env first.
Just wonder what is the status of it? Full production ready? What's the
performance?
Thanks
Willy thinks it should be "eb" instead of "res"
https://github.com/haproxy/haproxy/issues/349#issuecomment-548241746
On Thu, Nov 28, 2019, 3:33 AM William Dauchy wrote:
> `eb` being tested above, `res` cannot be null, so the condition is
> not needed and introduces potential dead code.
>
> als
Hi.
Nov 28, 2019 6:30:08 AM flamese...@yahoo.co.jp:
> Hi
> I'm so excited that HAProxy supports FastCGI, I would like to try this in our
> development env first.
> Just wonder what is the status of it? Full production ready? What's the
> performance?
Well it's the first release :-)
I have r
Hi.
Nov 28, 2019 2:40:56 AM apcoeproductnotificati...@wellsfargo.com:
> Hi team,
>
> Sorry to bother you again but according to CVE-2019-18277 it says A flaw was
> found in HAProxy before 2.0.6. So request you to please confirm whether all
> versions which is before 2.0.6 are Vulnerable.
Wel
Hi!
> If it bothers you (I don't really see why), you can increase the "inter"
> value on your servers to check them less often and as such refresh their
> address less often.
You can configure "hold valid " to configure internal caching
(it should be 10 seconds by default though):
I post
On Thu, Nov 28, 2019 at 11:10:34AM +0500, Илья Шипицин wrote:
> Willy thinks it should be "eb" instead of "res"
yup I saw that comment but I don't get why as it is tested above.
--
William
30 matches
Mail list logo