Hello,
Haproxy is a great tool indeed. And as long as you are able to add some dynamic
template generation of haproxy config based on your own business logic I
believe you should be good.
You could leverage consul / consul-template and have the haproxy regenerates
bases on your business
On Fri, Sep 11, 2020 at 05:19:26PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> Fun. I didn't receive your reply on company mail. I only got it from the
> list using my personal subscription. I hope this message threads properly.
Yep it does.
> Muscle memory is too strong :-/ I even used search
Hi,
HAProxy 2.3-dev4 was released on 2020/09/11. It added 89 new commits
after version 2.3-dev3.
Some might have noticed that we missed the previous dev released two weeks
ago. The fact is that I've been trying hard to attack a deeply rooted old
crap that's been there for more than a decade, and
Hi all,
Hoping you can help me with this query. I have a selection of micro-backends
deployed per customer as containers on Amazon ECS. These customers each have a
public hostname they use to access their respective micro-backend.
Currently we are using Amazon’s ALB to dispatch to these
Miroslav,
Am 11.09.20 um 17:10 schrieb Miroslav Zagorac:
> there is a small typo in the patch, if says 'iff' instead of 'iif':
>
> ---
> + Example:
> + http-request set-header x-forwarded-proto %[ssl_fc,iff(https,http)]
> ---
>
Fun. I didn't receive your reply on company mail. I only got
Hello all,
there is a small typo in the patch, if says 'iff' instead of 'iif':
---
+ Example:
+http-request set-header x-forwarded-proto %[ssl_fc,iff(https,http)]
---
--
Zaga
What can change the nature of a man?
On Fri, Sep 11, 2020 at 04:55:45PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> I consider 'iif' a bit obscure. It easily looks like a typo. Similar to
> 'iff' for 'if and only if' which tends to generate a number of questions
> as well.
I agree but others possibly know it and we should not
Willy,
Am 11.09.20 um 16:46 schrieb Willy Tarreau:
> First, I really like the feature, that's a great idea.
:-)
>>> - choice (my initial choice)
>>> - ifor / if_or
>>> - ifelse / if_else
>>> - iftrue (with the argument being optional)
>>
>> Maybe something like this would be appropriate (IIF)?
Hi guys,
First, I really like the feature, that's a great idea.
On Fri, Sep 11, 2020 at 04:28:31PM +0200, Miroslav Zagorac wrote:
> On 09/11/2020 03:56 PM, Tim Düsterhus, WoltLab GmbH wrote:
> > We've had a bit of discussion regarding the naming of the converter. I
> > wanted to avoid calling it
On 09/11/2020 03:56 PM, Tim Düsterhus, WoltLab GmbH wrote:
We've had a bit of discussion regarding the naming of the converter. I
wanted to avoid calling it `if`, because then we could have stuff like this:
http-request set-var(txn.foo) bool(1),if(bar,baz)
which can easily be confused with:
Willy,
[keep this email in CC, it's not subscribed to the list]
"either() takes a boolean as input and returns one of the two argument
strings depending on whether the boolean is true."
Find the full details in the attached patch.
---
We've had a bit of discussion regarding the naming of the
On Fri, Sep 11, 2020 at 09:56:21AM +0200, Tim Düsterhus wrote:
> Willy,
>
> Am 11.09.20 um 09:42 schrieb Willy Tarreau:
> > On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
> >> According to the article performing a h2c upgrade via TLS is not valid
> >> according to the spec.
Willy,
Am 11.09.20 um 09:42 schrieb Willy Tarreau:
> On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
>> According to the article performing a h2c upgrade via TLS is not valid
>> according to the spec. HAProxy implements the H2 spec.
>
> "according to the article" :-) There's no
On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
> According to the article performing a h2c upgrade via TLS is not valid
> according to the spec. HAProxy implements the H2 spec.
"according to the article" :-) There's no such mention in the spec
itself from what I remember, it's
On Fri, Sep 11, 2020 at 02:52:30AM -0400, John Lauro wrote:
> I could be wrong, but I think he is stating that if you have that
> allowed, it can be used to get a direct connection to the backend
> bypassing any routing or acls you have in the load balancer, so if you
> some endpoints are blocked,
Hi Ionel,
On Fri, Sep 11, 2020 at 08:35:58AM +0200, Ionel GARDAIS wrote:
> Hi Willy,
>
> Being devil's advocate : isn't the point that even if this is a documented,
> standardized and intended behavior, users relying on the reverse proxy for
> security/sanity checks could by tricked by this
Willy,
Am 11.09.20 um 08:07 schrieb Willy Tarreau:
> On Fri, Sep 11, 2020 at 01:55:10PM +1000, Igor Cicimov wrote:
>> Should we be worried?
>>
>> https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
>
> But this stuff is total non-sense. Basically the guy is
I could be wrong, but I think he is stating that if you have that
allowed, it can be used to get a direct connection to the backend
bypassing any routing or acls you have in the load balancer, so if you
some endpoints are blocked, or internal only, they could potentially
be accessed this way.
For
Hi Willy,
Being devil's advocate : isn't the point that even if this is a documented,
standardized and intended behavior, users relying on the reverse proxy for
security/sanity checks could by tricked by this feature inadvertently ?
--
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager
-
On Fri, Sep 11, 2020 at 08:07:02AM +0200, Willy Tarreau wrote:
> Sadly, as usual after people discover protocols during the summer, some
> journalists will surely want to make noise about this to put some bread
> on their table...
>
> Thanks for the link anyway I had a partial laugh; partial only
Hi Igor,
On Fri, Sep 11, 2020 at 01:55:10PM +1000, Igor Cicimov wrote:
> Should we be worried?
>
> https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
But this stuff is total non-sense. Basically the guy is complaining
that the products he tested work
21 matches
Mail list logo