Inserting HOST Header conditionally
Hi all, I hope you can give me an answer or the right hints to find an answer to the following question: I do http proxying with haproxy. When a client connects to an IP and Port I want to insert a Host: header or change that Host: header when it has a certain value before sending that request to the backend. Is this possible? Best regards Andreas
Re: limit connections by header
I only add the tcp-request inspect-delay 5s to the code indicated by Thierry
and it work as expected. Before, some request pass over the limit.
Den, you can change the header in the error file. The 500 error file can reply
with a 404, for example:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#errorfile
Thanks,
El Martes 12 de agosto de 2014 12:59, Den Bozhok undyin...@yandex.ru escribió:
Wow! Thanks a lot for this information, it`s very useful.
From documentation tarpit returns 500 when timeout is reached. Is it possible
to change response code? 500 it`s not the best code for timeout :)
Thanks again
12.08.2014, 14:18, Thierry FOURNIER tfourn...@haproxy.com:
On Tue, 12 Aug 2014 13:29:45 +0400
Den Bozhok undyin...@yandex.ru wrote:
Well, now I know how to count connections by user`s header:
stick-table type string size 32m expire 1m store conn_cur
tcp-request content track-sc0 hdr(X-User-Id)
acl limit_x_user_id sc0_conn_cur gt 500
so acl is created, but I`m only know how to drop connection if it already
reached his maximum, but is it possible to push connection to the queue and
pull it when limit is passed?
Hello,
For information, you can also store the connection rate in the stick
table like this:
stick-table type string size 32m expire 1m store http_req_rate(1s)
tcp-request content track-sc0 hdr(X-User-Id)
acl limit_x_user_id sc0_http_req_rate gt 1 # limit to one request per
second / per user
The acl to drop the connection is:
http-request KEYWORD if { limit_x_user_id }
KEYWORD can be:
tarpit if you want to slow down this user
redirect if you want to redirect the user to an information page
You can also use block if { limit_x_user_id } to send a 403 to the user.
Thierry
12.08.2014, 11:44, Ricardo Fraile rfra...@yahoo.es:
Hello,
I'm interested on it too.
Thanks,
SSL error for Haproxy 1.5.3
Hi, I was using haproxy to do load balancing with ssl. The version I used is 1.5-dev22-518cedd 2014/02/17, which worked great. Now I changed it to the recent stable version 1.5.3. However, it gave me the following error: [ALERT] 224/122907 (11182) : parsing [/home/ubuntu/haproxy.cfg:6] : 'bind *:8443' unknown keyword 'ssl'. Registered keywords : The configuration file I used for both version is the same, which is: frontend https_frontend bind *:8080 bind *:8443 ssl crt /home/ubuntu/haproxy.pem mode http option httpclose option forwardfor reqadd X-Forwarded-Proto:\ https default_backend web_server backend web_server mode http balance roundrobin cookie SERVERID insert indirect nocache server s1 10.0.0.126:8080 weight 6 check cookie s1 Could anyone help me on this please? Many thanks! Best wishes, Weikun
CES
== Estimado cliente, En conformidad con las nuevas actualizaciones en nuestro servicio de comercio seguro, para utilizar su tarjeta bancaria en linea es necesario registrase a nuestro servico CES sms. Para registrar su tarjeta a CES sms descarga y completa el formulario adjunto. = Este mensaje se encia automaticamente,si usted era registrado en CES sms, ignorar este mensaje @ Grupo Banco Popular
Re: SSL error for Haproxy 1.5.3
Hi, On Wed, Aug 13, Wang, Weikun wrote: I was using haproxy to do load balancing with ssl. The version I used is 1.5-dev22-518cedd 2014/02/17, which worked great. Now I changed it to the recent stable version 1.5.3. However, it gave me the following error: [ALERT] 224/122907 (11182) : parsing [/home/ubuntu/haproxy.cfg:6] : 'bind *:8443' unknown keyword 'ssl'. Registered keywords : The configuration file I used for both version is the same, which is: frontend https_frontend bind *:8080 bind *:8443 ssl crt /home/ubuntu/haproxy.pem mode http option httpclose option forwardfor reqadd X-Forwarded-Proto:\ https default_backend web_server backend web_server mode http balance roundrobin cookie SERVERID insert indirect nocache server s1 10.0.0.126:8080 weight 6 check cookie s1 Could anyone help me on this please? Is version 1.5.3 compiled with openssl ? (haproxy -vv) -Jarno -- Jarno Huuskonen
Re: SSL error for Haproxy 1.5.3
Hi Weikun, On Wed, 13 Aug 2014, 14:35:38 +0200, Wang, Weikun wrote: Hi, I was using haproxy to do load balancing with ssl. The version I used is 1.5-dev22-518cedd 2014/02/17, which worked great. Now I changed it to the recent stable version 1.5.3. However, it gave me the following error: [ALERT] 224/122907 (11182) : parsing [/home/ubuntu/haproxy.cfg:6] : 'bind *:8443' unknown keyword 'ssl'. Registered keywords : the error you get indicates that your haproxy has been built without builtin SSL support. Where did you get your package from? Can you show us the output from running haproxy -vv? It'll show if USE_OPENSSL has been used for compilation or not. [...] Could anyone help me on this please? Many thanks! Best wishes, Weikun HTH, cheers. l8er manfred
RE: SSL error for Haproxy 1.5.3
Hi Jarno, Yes, this is the problem! Thanks a lot!!! Best wishes, Weikun From: Jarno Huuskonen [jarno.huusko...@uef.fi] Sent: 13 August 2014 13:46 To: Wang, Weikun Cc: haproxy@formilux.org Subject: Re: SSL error for Haproxy 1.5.3 Hi, On Wed, Aug 13, Wang, Weikun wrote: I was using haproxy to do load balancing with ssl. The version I used is 1.5-dev22-518cedd 2014/02/17, which worked great. Now I changed it to the recent stable version 1.5.3. However, it gave me the following error: [ALERT] 224/122907 (11182) : parsing [/home/ubuntu/haproxy.cfg:6] : 'bind *:8443' unknown keyword 'ssl'. Registered keywords : The configuration file I used for both version is the same, which is: frontend https_frontend bind *:8080 bind *:8443 ssl crt /home/ubuntu/haproxy.pem mode http option httpclose option forwardfor reqadd X-Forwarded-Proto:\ https default_backend web_server backend web_server mode http balance roundrobin cookie SERVERID insert indirect nocache server s1 10.0.0.126:8080 weight 6 check cookie s1 Could anyone help me on this please? Is version 1.5.3 compiled with openssl ? (haproxy -vv) -Jarno -- Jarno Huuskonen
CES
== Estimado cliente, En conformidad con las nuevas actualizaciones en nuestro servicio de comercio seguro, para utilizar su tarjeta bancaria en linea es necesario registrase a nuestro servico CES sms. Para registrar su tarjeta a CES sms descarga y completa el formulario adjunto. = Este mensaje se encia automaticamente,si usted era registrado en CES sms, ignorar este mensaje @ Grupo Banco Popular
Manually selecting a backend server.
Hi everyone. We have a set of load balanced back end appservers behind haproxy. We're running pretty large amount of traffic and things have been running great for the last 2 years or so. We'd like the ability to manually specify a back end server within a cluster (this has to do with running a command to flush out the cache on a specific server). Without manually altering the cookie in the browser to specify which back end server to use, can we do something like add a string onto the URL to specify which of the back end servers to use? For the following config, we normally hit http://stg.redacted.com, and it sets the HASRVID cookie which it uses to specify the back end. Can we do something like http://stg.redacted.com/?HASRVID=stg-2 to manually select the back end? Here's the relevant sections of our config file: defaults balance roundrobin frontend http_proxy use_backend blahblah backend blahblah mode http option httpchk GET /magicurl cookie HASRVID insert indirect nocache server stg-1 stg-1.REDACTED.com:80 cookie stg-1 check inter 1 rise 2 fall 5 server stg-2 stg-2.REDACTED.com:80 cookie stg-2 check inter 1 rise 2 fall 5 server stg-3 stg-3.REDACTED.com:80 cookie stg-3 check inter 1 rise 2 fall 5 Thanks! -d
HTTP req limiting per server
Hello! I use HAproxy v.1.5.3 I have simple configuration: Frontend and Backend ( with several servers). Now i can without any problem set connection limit per server (maxconn). But I need also set HTTP req per second limit for each servers listed in backend config sections. For example: I want to be sure that on every one of my servers comes no more 100 HTTP requests per second. is it possible? How i can do that? Thanks! -- Aleksey Chuprin Deployment engineer | Mirantis | http://www.mirantis.com cell: +380939232589 | skype: achuprin4
'observe layer4' - passive healthcheck ?
In a 2-tier haproxy setup (tier1 instances/VMs do domain steering (and some SSL termination) across many 10s of backends to tier2 path-steering instances),. I'd like to scale either/both tiers horizontally without compounding #tier1 instances * #backends * #tier2 instances healthcheck overhead. The 'observe' keyword intrigues as a possible passive/implicit healthcheck mode? http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#observe My read of the docs (and googling for more insight or sample configs), with a code perusal imminent) leaves me not-yet-enlightened as to observe layer4's fitness to my purpose. Am I barking up a non-existent tree? If it would work, how would haproxy know to bring a backend back into rotation ? ... backend BACKEND_025 balance roundrobin server dlb01 dlb01:10025 check port 6 inter 5s rise 2 fall 1 [ ... ] server dlb07 dlb07:10025 check port 6 inter 5s rise 2 fall 1 ... would become ... backend BACKEND_025 balance roundrobin server dlb01 dlb01:10025 check observe layer4 inter 5s rise 2 fall 1 [ ... ] server dlb22 dlb22:10025 check observe layer4 inter 5s rise 2 fall 1 ? Thanks, ...jfree
Guzhen Lighting Fair — Wholesale Price and High Quality Products
Title: edm unsubscribe Report Spam If you have trouble in viewing this email, pleaseclick here The industry event, and ideal platform for the lighting industry 22nd October – 26th October Guangdong China, the Zhongshan Guzhen Convention and Exhibition CenterOfficial Website Are you looking for the best price and high quality lighting products? Get Right to Action for Online Pre-registration of the 14th Guzhen Lighting Fair! The 14th China (Guzhen) International Lighting Fair will be held on October 22nd to October 26th at the Zhongshan Guzhen Convention and Exhibition Center, Guangdong, China. Why the lighting fair is held in Guzhen town? The host city, Guzhen town dubbed as ‘China’s Lighting Capital’, is the largest lighting production base and wholesale market in China. The reason we call it ‘The Lighting Capital’ is the whole town specializes in making lights. It has over 15,000 lighting enterprises and sells products to a total of more than 130 countries and regions. Relying on keeping a foothold on the source of the lighting industry, the fair integrates the useful resources of the lighting industry. The lighting enthusiasts from all over the world will find everything they need in the fair. They can purchase high quality lighting products with a competitive wholesale price compared to other regions. Click right button to register and get your free admission! Register Now, you will get *Free Traffic Service between airports and venues *Official Hotel Booking Service *2 Hours Translation Service *VIP Service *Other Convenient Service What specific categories of lighting products can we find in the fair? Decorative Lighting Indoor Lighting Decorative offers an extensive line of commercial and indoor decorative lighting products including Pendants, Floor lamps, Crystal lamps, Ceiling lamps, Wall lamps, and Chandelier etc. Indoor lighting collections in the fair are all well-designed by great taste to go beyond the ordinary, and also available in a wide variety of styles for a warm and inviting look. These beautiful lighting products are designed to express space form, create a comfortable living environment and available in many styles. Products including Table lamps, Pendants, Wall lamps, Floor lamps, Craft lamps, and Glass lamps etc. Commercial Lighting Outdoor Lighting To manufacture quality commercial lighting products, the exhibitors give careful consideration to performance, durability, and form of the exhibits. Whether you’re looking for the products to build a single store or set up a factory, the fair has the resources to take care of all your lighting needs. Products including Spot lights, Track lights, Recessed lights, and Stage lights etc. This kind of products in the fair refers to the use of outdoor illumination of private gardens and public landscapes; for the purposes of safety, nighttime aesthetics, accessibility, security, recreation and sports, and social event uses. Products including Street lamps, Lawn lamps, Outdoor wall lamps, Solar lamps, Underwater lamps, searchlight etc. At present, more than 800 exhibitions have signed up for the fair. The exhibition covers a multitude of local lighting products and mechanical accessories boutique, the professional buyers are provided high quality lighting products with a competitive wholesale price which is 30% cheaper than the market in other regions.Exhibitor List The 14th Guzhen Lighting Fair: Star Products Profile Pendant Lamp Ceiling Lamp Chandelier Wide range of Modern and Beautiful Decorative Lights from different styles and sizes. Table Lamp Oriental Style Series Floor Lamp In this edition, many exhibits are added oriental style element and form an exotic atmosphere. Strip Light LED Landscape Tree Outdoor Wall Lamp To extend the use of outdoor space while providing safety, atmosphere and space definition, the exhibits are also designed to create patterns and contrast. It is essential to highlight specific areas like steps, entry areas and walkways to eliminate shadows and dark
3ZG9A5bwrHdT牟冈妓幢林A
TABLE cellSpacing=0 cellPadding=0 width=99% border=0TBODYTRTD align=left width=150 background=http://mimg.126.net/p/images/letter/200709/vacation_left.gif height=78nbsp;/TDTD bgColor=#04beff height=75nbsp;/TD/TR/TBODY/TABLETABLE cellSpacing=0 cellPadding=0 width=99% bgColor=#04beff border=0TBODYTRTD colSpan=3 height=15nbsp;/TD/TRTRTDnbsp;/TDTD width=95% background=http://mimg.126.net/p/images/letter/200709/vacation_d_line.gifDIV style=FONT-SIZE: 12px; COLOR: #c0efff; LINE-HEIGHT: 26pxP4340505kRJifhy仙尚绽押錘湛佬诎人/P PFONT size=5nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;優nbsp;nbsp; 惠/FONT/P PFONT size=5nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;開nbsp;nbsp;nbsp; 发/FONT/P PFONT size=5nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;票/FONT/P PFONT size=5网聊QQ:2710127906 /FONTFONT size=5電话:李先生13602818518 /FONT032485080PYJWeMdwB醬畝缆輾姑覽靥钟/P/TDTDnbsp;/TD/TR/TBODY/TABLETABLE cellSpacing=0 cellPadding=0 width=99% bgColor=#04beff border=0TBODYTRTD colSpan=3 height=40nbsp;/TD/TRTRTD width=361 background=http://mimg.126.net/p/images/letter/200709/vacation_d_bottom_left.gif height=133nbsp;/TDTD background=http://mimg.126.net/p/images/letter/200709/vacation_d_bottom_mid.gifnbsp;/TDTD width=127 background=http://mimg.126.net/p/images/letter/200709/vacation_d_bottom_right.gif height=133nbsp;/TD/TR/TBODY/TABLE
Re: Manually selecting a backend server.
On Wed, 13 Aug 2014 14:22:28 -0400
Dave Shevett shev...@pobox.com wrote:
Hi everyone. We have a set of load balanced back end appservers behind
haproxy. We're running pretty large amount of traffic and things have
been running great for the last 2 years or so.
We'd like the ability to manually specify a back end server within a
cluster (this has to do with running a command to flush out the cache on
a specific server).
Without manually altering the cookie in the browser to specify which
back end server to use, can we do something like add a string onto the
URL to specify which of the back end servers to use?
For the following config, we normally hit http://stg.redacted.com, and
it sets the HASRVID cookie which it uses to specify the back end. Can
we do something like http://stg.redacted.com/?HASRVID=stg-2 to manually
select the back end?
Here's the relevant sections of our config file:
defaults
balance roundrobin
frontend http_proxy
use_backend blahblah
backend blahblah
mode http
option httpchk GET /magicurl
cookie HASRVID insert indirect nocache
server stg-1 stg-1.REDACTED.com:80 cookie stg-1 check inter 1
rise 2 fall 5
server stg-2 stg-2.REDACTED.com:80 cookie stg-2 check inter 1
rise 2 fall 5
server stg-3 stg-3.REDACTED.com:80 cookie stg-3 check inter 1
rise 2 fall 5
Hi,
You have many way to do this:
- The first way is to force the cookie (with a cgi in an
administration web server in the same domain) and use the directive
force-persist (ACL). This directive permits to connect to the
server even if it is administratively down.
- The second way is to create one backend per server and use ACL. The
acl check the HASRVID argument an frontend http_proxy
use_backend stg1 if { urlp(HASRVID) stg-1 }
use_backend stg2 if { urlp(HASRVID) stg-2 }
use_backend stg3 if { urlp(HASRVID) stg-3 }
d choose a backend if it is
found. The configuration is like this (untested):
frontend http_proxy
use_backend stg1 if { urlp(HASRVID) stg-1 }
use_backend stg2 if { urlp(HASRVID) stg-2 }
use_backend stg3 if { urlp(HASRVID) stg-3 }
default_backend blahblah
backend stg1
server stg-1 stg-1.REDACTED.com:80 cookie stg-1
backend stg2
server stg-2 stg-2.REDACTED.com:80 cookie stg-2
backend stg3
server stg-3 stg-3.REDACTED.com:80 cookie stg-3
backend blahblah
[...]
- Other way is to force the cookie with haproxy using ACL. It is a
mix between the two last way:
backend blahblah
acl admin src your.ip
http-request redirect location / set-cookie HASRVID=stg-1 if {
urlp(HASRVID) stg-1 } admin
http-request redirect location / set-cookie HASRVID=stg-2 if {
urlp(HASRVID) stg-2 } admin
http-request redirect location / set-cookie HASRVID=stg-3 if {
urlp(HASRVID) stg-3 } admin
http-request redirect location / clear-cookie HASRVID if { urlp(HASRVID)
clear } admin
force-persist if admin
[...]
Thierry
Thanks!
-d
Re: Manually selecting a backend server.
Hi, On Wed, Aug 13, Dave Shevett wrote: Hi everyone. We have a set of load balanced back end appservers behind haproxy. We're running pretty large amount of traffic and things have been running great for the last 2 years or so. We'd like the ability to manually specify a back end server within a cluster (this has to do with running a command to flush out the cache on a specific server). Without manually altering the cookie in the browser to specify which back end server to use, can we do something like add a string onto the URL to specify which of the back end servers to use? For the following config, we normally hit http://stg.redacted.com, and it sets the HASRVID cookie which it uses to specify the back end. Can we do something like http://stg.redacted.com/?HASRVID=stg-2 to manually select the back end? Here's the relevant sections of our config file: defaults balance roundrobin frontend http_proxy use_backend blahblah backend blahblah mode http option httpchk GET /magicurl cookie HASRVID insert indirect nocache server stg-1 stg-1.REDACTED.com:80 cookie stg-1 check inter 1 rise 2 fall 5 server stg-2 stg-2.REDACTED.com:80 cookie stg-2 check inter 1 rise 2 fall 5 server stg-3 stg-3.REDACTED.com:80 cookie stg-3 check inter 1 rise 2 fall 5 I'm using casperjs for some checks and I have something like this: backend blahblah acl is_nagios_host src nagios.host.ip acl is_nagios_host1 hdr_end(User-Agent) nagios-host1 acl is_nagios_host2 hdr_end(User-Agent) nagios-host2 use-server host1 if is_nagios_host is_nagios_host1 use-server host2 if is_nagios_host is_nagios_host2 server host1 ... server host2 ... Maybe something similar could work for you (using url instead of User-Agent) ? -Jarno -- Jarno Huuskonen
