CVE-2011-3192 and Range requests

2011-08-27 Thread Aristedes Maniatis
What is the vulnerability [1] of an Apache httpd server with haproxy in front of it? 1. haproxy is fine, httpd will still suffer from DoS attacks 2. haproxy may itself suffer DoS 3. haproxy is fine and will protect an httpd server from DoS Thanks for an excellent product. Ari [1]

Re: CVE-2011-3192 and Range requests

2011-08-27 Thread Baptiste
Hi, HAProxy is fine and can protect your Apache. Have a look at this page, you'll find some HAProxy configuration example: Basically, removing the malformed Range header is easy to do. Usually, the same source IP

Re: HAProxy's equivalent to ProxyPreserveHost variable behavior

2011-08-27 Thread Willy Tarreau
On Thu, Aug 25, 2011 at 05:19:04PM +0200, Michael Bode wrote: I have been running haproxy with great success for a while, however I have run into a problem I simply cannot figure. Logging into Atlassian's Bamboo and Confluence behind a proxy with SSL termination at the HAProxy/Stunnel combo

Re: help with tcp-request content track-sc1

2011-08-27 Thread Willy Tarreau
Hi David, On Thu, Aug 25, 2011 at 12:28:43PM -0700, David Birdsong wrote: I've poured over 1.5 docs, and I'm pretty sure this should be possible. Is there a way to extract a header string from an http header and track that in a stick-table of type 'string'? If so, what is the syntax, where