Fw:UL 5 years warranty Cree XTE Flood light with pccooler heatsink

[Miklly Lin]

 =20Hellomyfriend, 
GreetingofLuckyMikllyfromBoslin.Weareprofessionalmanufac=turerinledfloodlightsince2005.Newlyengineer=edproducts-UL5yearswarranty
 CreeXTE =Floodlightwithpccoolerheatsink.1) 
Higherlighteffect,CreeXTEisdiverging,=verybigtouchingarewithPCB2) 
Distributionofth=elight:LED+secondarydistributionofthelightreflector 
3)LEDdriver=contactwiththeheatsinkdirectlyandtheheatdissipationismuchst=ronger4)With
 U=LMeanwellDriver,full5yearswarranty.5)Pccoolerhe=atsink, 
Water-proofdesign(IP65)Yourcomments,=please!   Yours sincerely, 
 Miklly Lin (Sales=nbsp;manager)  BOSLIN 
Asia-BOSLINOptoe=lectronicsSciamp;TechGroupCo.,Ltd   Address: 
TaiHeRongnbsp=;Industrial Bldg A .LiaoKeng . Shiyan,Shenzhen ( =518108 )   
Website: www.simaoled.c=om Mob: +86-13026654358n=bsp;Skype: 
mikllysimaoled=nbsp;Wechat:= miklly0626 whatsap=p: +86 13026654358 
QQnbsp=;online: 137093301 Email:=nbsp;mik...@simaoled.com  

Re: Haproxy balancing authenticated servers

[Baptiste]

Please be more accurate in your answer, otherwise we can't help you!

Baptiste

On Fri, Jul 31, 2015 at 3:44 PM, Francys Nivea 
francys.so...@neurotech.com.br wrote:

 Hello Baptiste,

 A simple one. Just wanted to send the user and pass together with each
 server balanced.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:42, Baptiste bed...@gmail.com wrote:



 On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its own
 credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



 Hi Francys,

 What type of authentification do you use?

 Baptiste




 --
 Esta mensagem pode conter informação confidencial e/ou privilegiada.Se
 você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
 você não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em
 relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu
 esta mensagem erroneamente, por favor entre em contato imediatamente ou
 responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais
 do remetente não refletem, necessariamente, o ponto de vista da Neurotech,
 o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este
 e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the
 addressee, please, you must not use, copy, disclose, change, take any
 action based on this message or any information herein. Personal opinions
 of the sender do not necessarily reflect the view of Neurotech, which is
 only divulged by authorized persons. Please consider the environment before
 printing this email.

Re: Haproxy balancing authenticated servers

[Francys Nivea]

*overload

Peace,


*Francys Nivea*Analista de Datacenter
 +55 81
*3312-2740*+55 81  *9 *
*9113-4564* www.neurotech.com.br

On 31 July 2015 at 10:53, Francys Nivea francys.so...@neurotech.com.br
wrote:

 Sorry

 I dont have control over the balanced servers. The only information I have
 are IP, Port, and credentials (User and Pass of each server).
 I have to do load balancing among them. Nowadays all loads are going to
 only one server, which is generating overhead.
 We already use HAProxy to balance our applications, and works great.
 That's why I wanted to use HAProxy now, but I have no idea how.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:48, Baptiste bed...@gmail.com wrote:

 Please be more accurate in your answer, otherwise we can't help you!

 Baptiste

 On Fri, Jul 31, 2015 at 3:44 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello Baptiste,

 A simple one. Just wanted to send the user and pass together with each
 server balanced.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:42, Baptiste bed...@gmail.com wrote:



 On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its
 own credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



 Hi Francys,

 What type of authentification do you use?

 Baptiste




 --
 Esta mensagem pode conter informação confidencial e/ou privilegiada.Se
 você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
 você não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em
 relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu
 esta mensagem erroneamente, por favor entre em contato imediatamente ou
 responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais
 do remetente não refletem, necessariamente, o ponto de vista da Neurotech,
 o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este
 e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the
 addressee, please, you must not use, copy, disclose, change, take any
 action based on this message or any information herein. Personal opinions
 of the sender do not necessarily reflect the view of Neurotech, which is
 only divulged by authorized persons. Please consider the environment before
 printing this email.





-- 

--
Esta mensagem pode conter informação confidencial e/ou privilegiada.Se você 
não for o destinatário ou a pessoa autorizada a receber esta mensagem, você 
não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em 
relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu 
esta mensagem erroneamente, por favor entre em contato imediatamente ou 
responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais 
do remetente não refletem, necessariamente, o ponto de vista da Neurotech, 
o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este 
e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

This message may contain confidential and/or privileged information. If you 
are not the addressee or authorized to receive this for the 
addressee, please, you must not use, copy, disclose, change, take any 
action based on this message or any information herein. Personal opinions 
of the sender do not necessarily reflect the view of Neurotech, which is 
only divulged by authorized persons. Please consider the environment before 
printing this email.

Re: Haproxy balancing authenticated servers

[Baptiste]

Since you know the public IP address, you might be able to get connected on
the application and see if you get a 401 or a web form...

From my understanding you simply need stickyness, or worst case, a
deterministic algorithm.
Try enabling cookie based persistence first, if it doesn't work because the
client is dumb, simply use balance source.

Baptiste

On Fri, Jul 31, 2015 at 3:53 PM, Francys Nivea 
francys.so...@neurotech.com.br wrote:

 Sorry

 I dont have control over the balanced servers. The only information I have
 are IP, Port, and credentials (User and Pass of each server).
 I have to do load balancing among them. Nowadays all loads are going to
 only one server, which is generating overhead.
 We already use HAProxy to balance our applications, and works great.
 That's why I wanted to use HAProxy now, but I have no idea how.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:48, Baptiste bed...@gmail.com wrote:

 Please be more accurate in your answer, otherwise we can't help you!

 Baptiste

 On Fri, Jul 31, 2015 at 3:44 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello Baptiste,

 A simple one. Just wanted to send the user and pass together with each
 server balanced.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:42, Baptiste bed...@gmail.com wrote:



 On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its
 own credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



 Hi Francys,

 What type of authentification do you use?

 Baptiste




 --
 Esta mensagem pode conter informação confidencial e/ou privilegiada.Se
 você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
 você não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em
 relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu
 esta mensagem erroneamente, por favor entre em contato imediatamente ou
 responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais
 do remetente não refletem, necessariamente, o ponto de vista da Neurotech,
 o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este
 e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the
 addressee, please, you must not use, copy, disclose, change, take any
 action based on this message or any information herein. Personal opinions
 of the sender do not necessarily reflect the view of Neurotech, which is
 only divulged by authorized persons. Please consider the environment before
 printing this email.




 --
 Esta mensagem pode conter informação confidencial e/ou privilegiada.Se
 você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
 você não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em
 relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu
 esta mensagem erroneamente, por favor entre em contato imediatamente ou
 responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais
 do remetente não refletem, necessariamente, o ponto de vista da Neurotech,
 o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este
 e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the
 addressee, please, you must not use, copy, disclose, change, take any
 action based on this message or any information herein. Personal opinions
 of the sender do not necessarily reflect the view of Neurotech, which is
 only divulged by authorized persons. Please consider the environment before
 printing this email.

Haproxy balancing authenticated servers

[Francys Nivea]

Hello all,

I'm trying to balance a few authenticated HTTP servers, each has its own
credential to access.
It would be possible to do this with HAProxy? if so, how?

Thank you

Peace,


*Francys Nivea*Analista de Datacenter
 +55 81
*3312-2740*+55 81  *9 *
*9113-4564* www.neurotech.com.br

-- 

--
Esta mensagem pode conter informação confidencial e/ou privilegiada.Se você 
não for o destinatário ou a pessoa autorizada a receber esta mensagem, você 
não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em 
relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu 
esta mensagem erroneamente, por favor entre em contato imediatamente ou 
responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais 
do remetente não refletem, necessariamente, o ponto de vista da Neurotech, 
o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este 
e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

This message may contain confidential and/or privileged information. If you 
are not the addressee or authorized to receive this for the 
addressee, please, you must not use, copy, disclose, change, take any 
action based on this message or any information herein. Personal opinions 
of the sender do not necessarily reflect the view of Neurotech, which is 
only divulged by authorized persons. Please consider the environment before 
printing this email.

Re: Haproxy balancing authenticated servers

[Francys Nivea]

Hello Baptiste,

A simple one. Just wanted to send the user and pass together with each
server balanced.

Peace,


*Francys Nivea*Analista de Datacenter
 +55 81
*3312-2740*+55 81  *9 *
*9113-4564* www.neurotech.com.br

On 31 July 2015 at 10:42, Baptiste bed...@gmail.com wrote:



 On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its own
 credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



 Hi Francys,

 What type of authentification do you use?

 Baptiste



-- 

--
Esta mensagem pode conter informação confidencial e/ou privilegiada.Se você 
não for o destinatário ou a pessoa autorizada a receber esta mensagem, você 
não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em 
relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu 
esta mensagem erroneamente, por favor entre em contato imediatamente ou 
responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais 
do remetente não refletem, necessariamente, o ponto de vista da Neurotech, 
o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este 
e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

This message may contain confidential and/or privileged information. If you 
are not the addressee or authorized to receive this for the 
addressee, please, you must not use, copy, disclose, change, take any 
action based on this message or any information herein. Personal opinions 
of the sender do not necessarily reflect the view of Neurotech, which is 
only divulged by authorized persons. Please consider the environment before 
printing this email.

Re: Haproxy balancing authenticated servers

[Baptiste]

On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its own
 credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



Hi Francys,

What type of authentification do you use?

Baptiste

Re: Haproxy balancing authenticated servers

[Francys Nivea]

Sorry

I dont have control over the balanced servers. The only information I have
are IP, Port, and credentials (User and Pass of each server).
I have to do load balancing among them. Nowadays all loads are going to
only one server, which is generating overhead.
We already use HAProxy to balance our applications, and works great. That's
why I wanted to use HAProxy now, but I have no idea how.

Peace,


*Francys Nivea*Analista de Datacenter
 +55 81
*3312-2740*+55 81  *9 *
*9113-4564* www.neurotech.com.br

On 31 July 2015 at 10:48, Baptiste bed...@gmail.com wrote:

 Please be more accurate in your answer, otherwise we can't help you!

 Baptiste

 On Fri, Jul 31, 2015 at 3:44 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello Baptiste,

 A simple one. Just wanted to send the user and pass together with each
 server balanced.

 Peace,


 *Francys Nivea*Analista de Datacenter
  +55 81
 *3312-2740*+55 81  *9 *
 *9113-4564* www.neurotech.com.br

 On 31 July 2015 at 10:42, Baptiste bed...@gmail.com wrote:



 On Fri, Jul 31, 2015 at 3:38 PM, Francys Nivea 
 francys.so...@neurotech.com.br wrote:

 Hello all,

 I'm trying to balance a few authenticated HTTP servers, each has its
 own credential to access.
 It would be possible to do this with HAProxy? if so, how?

 Thank you

 Peace,



 Hi Francys,

 What type of authentification do you use?

 Baptiste




 --
 Esta mensagem pode conter informação confidencial e/ou privilegiada.Se
 você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
 você não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em
 relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu
 esta mensagem erroneamente, por favor entre em contato imediatamente ou
 responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais
 do remetente não refletem, necessariamente, o ponto de vista da Neurotech,
 o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este
 e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the
 addressee, please, you must not use, copy, disclose, change, take any
 action based on this message or any information herein. Personal opinions
 of the sender do not necessarily reflect the view of Neurotech, which is
 only divulged by authorized persons. Please consider the environment before
 printing this email.




-- 

--
Esta mensagem pode conter informação confidencial e/ou privilegiada.Se você 
não for o destinatário ou a pessoa autorizada a receber esta mensagem, você 
não deve usar, copiar, divulgar, alterar e não tomar nenhuma ação em 
relação a esta mensagem ou qualquer informação aqui contida.Se você recebeu 
esta mensagem erroneamente, por favor entre em contato imediatamente ou 
responsa por e-mail ao remetente e apague esta mensagem. Opiniões pessoais 
do remetente não refletem, necessariamente, o ponto de vista da Neurotech, 
o qual é divulgado somente por pessoas autorizadas. Antes de imprimir este 
e-mail, veja se realmente é necessário. Ajude a preservar o meio ambiente.

This message may contain confidential and/or privileged information. If you 
are not the addressee or authorized to receive this for the 
addressee, please, you must not use, copy, disclose, change, take any 
action based on this message or any information herein. Personal opinions 
of the sender do not necessarily reflect the view of Neurotech, which is 
only divulged by authorized persons. Please consider the environment before 
printing this email.

L’actualité hebdomadaire par RFI - Syrie: le recours inquiétant aux enfants-soldats

[RFI L'HEBDO]

L’actualité hebdomadaire par RFI -  31/07/2015

Visualisez cet email dans votre navigateur 

http://rfi.nlfrancemm.com/HM?b=FWz9zNOHfrWUBuywpsUH7074VvbmVzQ7G6XDNGLnKLViKxOqi_doUda2VZDKgj43c=OZVZT0Aro-Pup3LnPO2exQ
 


Syrie: le recours inquiétant aux enfants-soldats
L’utilisation d’enfants-soldats par les groupes armés qui combattent en Syrie 
ne cesse de préoccuper les organisations de défense des droits de l’homme et 
les institutions internationales. Plusieurs rapports récents montrent que leur 
nombre s'est accru, particulièrement dans les rangs jihadistes où ils subissent 
un conditionnement idéologique important.
http://rfi.nlfrancemm.com/HP?b=S7Fzkw7HJZYB4f89-wbaBqTBRIQg0M6nX1hvUaklz7czr7PXyzoq8AlnWsthhGGBc=ylejz9fMPk8etsXGtVcm2w
Les millionnaires se multiplient au Kenya
Dix ans après l’Afrique du Sud, c’est au tour du Kenya d’enregistrer une 
croissance record des millionnaires en dollars. Une tendance de fond qui va se 
maintenir au cours de la décennie à venir, selon la banque sud-africaine 
Standard Bank. Et ce, à un rythme deux fois plus rapide que la moyenne mondiale.
http://rfi.nlfrancemm.com/HP?b=dt7nzvUyZlAG2WpkF5qGtA0qFOHy4yYT7mw9XxLAJTB6M77A6W6iWXZpwheqF2Nwc=9XD4S00WjYgIfw-qdZ2iuQ
Chine: le minikrach boursier a-t-il un impact sur l’économie?
Il n’y a pas que la Grèce qui inquiète les marchés. La situation en Chine 
préoccupe également les investisseurs. Depuis près d’un mois, les Bourses de 
Shenzhen et de Shanghaï ont plongé d'environ 30 %. Les autorités ont déployé 
une batterie d'annonces-chocs censées restaurer la confiance. Des annonces qui 
ont plutôt contribué à renforcer l'impression de panique générale. Cette grande 
nervosité sur les principales bourses chinoises – Hong-Kong comprise - a été à 
nouveau constatée en début de semaine quand Shanghaï a plongé de plus de 8 % ce 
lundi, avant de se ressaisir le lendemain, revigorée par une batterie de 
nouvelles mesures qui ont limité les pertes…
http://rfi.nlfrancemm.com/HP?b=0nFamDBKxeyyxikgxw5dKGZNIVt9WCSK3Gu4DGr7zZqSGdv13CC3b6RrVq5amxLOc=wArq1GlHLkpmP64aEs-HYg
Burkina Faso: aucune charte n'est au dessus de la loi fondamentale
Appels sur l'actualité revient sur le vote des députés du parlement intérimaire 
du Burkina Faso, qui ont voté à une large majorité lune demande de mise en 
accusation de Blaise Compaoré par la Haute Cour de Justice pour «haute 
trahison» et «attentat à la constitution». L’ancien chef de l’Etat est 
notamment accusé de s’être «entêté à mettre en œuvre sa volonté de modifier la 
Constitution en vue de freiner le processus de l’alternance démocratique». Les 
députés ont également mis en accusation l’ex-Premier ministre du président 
Compaoré, Luc-Adolphe Tiao, et tout son gouvernement pour «coups et blessures 
volontaires, assassinats et complicités de coup et blessures et d’assassinats». 
Analyse.
http://rfi.nlfrancemm.com/HP?b=UctKQYa7btYRdPHtRl2QKbOEaIVF4q3hZcs9pYFLW0mxbkTKKxm5y9PnRdXTw1sKc=1Vm71EhuiZMwxF2nDyNgIw
Johannes Anyuru, héritier d’Ahmadou Kourouma et de Walter Benjamin
Du paradis souffle une tempête est le premier roman traduit en français de 
Johannes Anyuru, cette star montante des lettres africaines et suédoises… Car 
ce nouveau romancier africain est un Suédois. Il y a du Ahmadou Kourouma, du 
Sony Labou Tansi et du Henri Lopes dans ses récits qui racontent la migration, 
le métissage, mais aussi les lendemains qui déchantent dans l’Afrique 
postcoloniale.
http://rfi.nlfrancemm.com/HP?b=n1RLk5x32I81kTbmBH8Cwkt5X2hUwueF49YpiNCTxrgMqWvgL99wcX_6xOp24wN1c=xJYRC5Sz0mSQke76xgR2Dg
Comprendre la colère des éleveurs français
Pourquoi les éleveurs protestent-ils en France ? Une crise qui touche les trois 
filières : les producteurs de lait, de viande bovine et de viande porcine. Bien 
souvent, c’est la survie de leurs exploitations qui paraît en jeu. Explications.
http://rfi.nlfrancemm.com/HP?b=b3HohSrUX5PaSV8Ba0bIUCGiG_ZUJ3y7hEf8Re3RPY6gb8SK2pbNCErGJynBos90c=CP3Pe1cKcwX3AfyWtbs1ZA


Tunisie: le camp de Choucha, quatre ans plus tard
A une dizaine de kilomètres de la frontière libyenne, le camp de Choucha avait 
été créé en 2011 pour accueillir des migrants venus de la Libye en guerre, à 
l’initiative du Haut-commissariat aux réfugiés des Nations unies, le HCR. 
Quatre ans plus tard, une cinquantaine de migrants, subsahariens pour la 
plupart, y vivent toujours dans des conditions plus que précaires, malgré la 
fermeture officielle du camp en juin 2013.
http://rfi.nlfrancemm.com/HP?b=bohPOmwXgVS3l4Kb9WBnr0cEYNOLu9IMIGOz_7a_bUrqDIOyuPln9rd3ReOsdO6Zc=JZPuCi6Tpc_-HKC89ytisg
La scène musicale rwandaise entre tradition et modernité
On le sait peu, mais le monde de la musique s’organise et se professionnalise 
au Rwanda et espère se faire un nom à l’international - avec une volonté 
affichée de préserver son identité.  
http://rfi.nlfrancemm.com/HP?b=l9mhGwEkJ6V7krHGFy3Wicw_edft2mTt5wH0nXhAJBXwtk3PA92dZ6n5nwaxXB0wc=4PSZXQjqjYtY6eurMdlSYQ
Chine : le business du troisième âge
(Rediffusion du 8 avril 2015) 

[PATCH] Add log-format variable %HQ, to log HTTP query strings

[Andrew Hayworth]

Since this came up in another thread, it seems reasonable to add a
patch that implements %HQ as a log-format variable to record the HTTP
query string. Leaving the initial '?' is intentional, but I don't feel
strongly one way or another.

-- 
- Andrew Hayworth


From b87770d5e513fc923d0d94d2b1d0de00d88acb98 Mon Sep 17 00:00:00 2001
From: Andrew Hayworth andrew.haywo...@getbraintree.com
Date: Fri, 31 Jul 2015 16:14:16 +
Subject: [PATCH 1/1] Add log-format variable %HQ, to log HTTP query strings

Since sample fetches are not always available in the response phase,
this patch implements %HQ such that:

  GET /foo?bar=baz HTTP/1.0

...would be logged as:

  ?bar=baz
---
 doc/configuration.txt |  1 +
 include/types/log.h   |  1 +
 src/log.c | 38 ++
 3 files changed, 40 insertions(+)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index db97cc7..b3ba8a0 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13987,6 +13987,7 @@ Please refer to the table below for currently
defined variables :
   |   | %H   | hostname  | string  |
   | H | %HM  | HTTP method (ex: POST)| string  |
   | H | %HP  | HTTP request URI without query string (path)  | string  |
+  | H | %HQ  | HTTP request URI query string (ex: ?bar=baz)  | string  |
   | H | %HU  | HTTP request URI (ex: /foo?bar=baz)   | string  |
   | H | %HV  | HTTP version (ex: HTTP/1.0)   | string  |
   |   | %ID  | unique-id | string  |
diff --git a/include/types/log.h b/include/types/log.h
index bbfe020..d0fb966 100644
--- a/include/types/log.h
+++ b/include/types/log.h
@@ -96,6 +96,7 @@ enum {
  LOG_FMT_HTTP_METHOD,
  LOG_FMT_HTTP_URI,
  LOG_FMT_HTTP_PATH,
+ LOG_FMT_HTTP_QUERY,
  LOG_FMT_HTTP_VERSION,
  LOG_FMT_HOSTNAME,
  LOG_FMT_UNIQUEID,
diff --git a/src/log.c b/src/log.c
index ffd8f10..1112f8a 100644
--- a/src/log.c
+++ b/src/log.c
@@ -111,6 +111,7 @@ static const struct logformat_type logformat_keywords[] = {
  { hsl, LOG_FMT_HDRRESPONSLIST, PR_MODE_TCP, LW_RSPHDR, NULL },  /*
header response list */
  { HM, LOG_FMT_HTTP_METHOD, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP method */
  { HP, LOG_FMT_HTTP_PATH, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP path */
+ { HQ, LOG_FMT_HTTP_QUERY, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP query */
  { HU, LOG_FMT_HTTP_URI, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP full URI */
  { HV, LOG_FMT_HTTP_VERSION, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP
version */
  { lc, LOG_FMT_LOGCNT, PR_MODE_TCP, LW_INIT, NULL }, /* log counter */
@@ -937,6 +938,7 @@ int build_logline(struct stream *s, char *dst,
size_t maxsize, struct list *list
  struct chunk chunk;
  char *uri;
  char *spc;
+ char *qmark;
  char *end;
  struct tm tm;
  int t_request;
@@ -1578,6 +1580,42 @@ int build_logline(struct stream *s, char *dst,
size_t maxsize, struct list *list
last_isspace = 0;
break;

+ case LOG_FMT_HTTP_QUERY: // %HQ
+   uri = txn-uri ? txn-uri : BADREQ;
+
+   if (tmp-options  LOG_OPT_QUOTE)
+ LOGCHAR('');
+
+   end = uri + strlen(uri);
+   // look for the first question mark
+   while (uri  end  *uri != '?')
+ uri++;
+
+   qmark = uri;
+
+   // look for first space or question mark after url
+   while (uri  end  !HTTP_IS_SPHT(*uri))
+ uri++;
+
+   if (!txn-uri) {
+ chunk.str = BADREQ;
+ chunk.len = strlen(BADREQ);
+   } else {
+ chunk.str = qmark;
+ chunk.len = uri - qmark;
+   }
+
+   ret = encode_chunk(tmplog, dst + maxsize, '#', url_encode_map, chunk);
+   if (ret == NULL || *ret != '\0')
+ goto out;
+
+   tmplog = ret;
+   if (tmp-options  LOG_OPT_QUOTE)
+ LOGCHAR('');
+
+   last_isspace = 0;
+   break;
+
  case LOG_FMT_HTTP_URI: // %HU
uri = txn-uri ? txn-uri : BADREQ;

--
2.1.3


0001-Add-log-format-variable-HQ-to-log-HTTP-query-strings.patch
Description: Binary data

Re: Capture sequencing in logs

[Baptiste]

In 1.6, %[query] should do the trick.

Baptiste

On Fri, Jul 31, 2015 at 1:17 AM, Phillip Decker
pdecker999+hapr...@gmail.com wrote:
 And it only kinda works because when there is no question mark then the
 field will have the uri instead of being empty...

 On Thu, Jul 30, 2015 at 7:12 PM, Phillip Decker
 pdecker999+hapr...@gmail.com wrote:

 Funny, yeah I was just playing with it and couldn't get that to work, so I
 just did another git pull thinking maybe I just wasn't updated, then came
 back to my email and saw your second reply.

 Hrm.  Well, something that seems to sorta work is this (in the log-format
 line):
 %[capture.req.uri,regsub(^.*\?,)]

 So, grabbing the full uri and then regex replace everything up to the '?'
 with nothing, but I don't know what kind of underlying impacts that approach
 might have, if any...

 Phillip

 On Thu, Jul 30, 2015 at 6:25 PM, Cyril Bonté cyril.bo...@free.fr wrote:

 On 31/07/2015 00:14, Cyril Bonté wrote:

 Hi Phillip,

 On 31/07/2015 00:05, Phillip Decker wrote:

 One other log question in this same vein -

 I'm trying to duplicate the functionality of the %q flag in Apache, and
 I don't see a way in the documentation to print _only_ the query
 string,
 that is, the information after the question mark in a URI.  I see the
 URI without the query (path), the full URI, and looking up specific
 parameters in the URI... am I missing an obvious flag somewhere?


 This is only available in 1.6 development branch :
 http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#query


 Oops, I replied too quickly, as such HTTP sample fetches are not
 available in log-format.
 Maybe we can discuss adding a %HQ (or %HQS) log variable in the future ?

 --
 Cyril Bonté

RE: use_server

[mlist]

This is the haproxy configuration file. I don't know if the acl or the 
use-server do not match... I do not have any tool to check what of two does not 
work.



Example URL to use  server web1:  
http://www.mydom1.net/app1/app_ass_UNIQUE_web1_

Example URL to use server web4:   
http://www.mydom1.net/app1/app_ass_UNIQUE_web4_

Example URL to use server web10:
http://www.mydom1.net/app1/app_ass_UNIQUE_web10_







Thank you for your help...





#-

#   Global Settings

#-

global

   log 127.0.0.1:514 local0

   chroot  /var/lib/haproxy

   pidfile /var/run/haproxy.pid

   maxconn 1

   daemon

   quiet

   tune.ssl.default-dh-param 2048

   # turn on stats unix socket

   stats socket /var/lib/haproxy/stats

   ssl-default-bind-options no-sslv3



#-

#   Common Defaults that all the listen and backend

#   will use if not designated in their block

#-

defaults

   modehttp

   log global

   option  httplog

   option  dontlognull

   option http-server-close

   option forwardfor   except 127.0.0.0/8

   option  redispatch

   retries 3

   timeout http-request10s

   timeout queue   1m

   timeout connect 10s

   timeout client  1m

   timeout server  5m

   timeout http-keep-alive 10s

   timeout check   10s

   maxconn 1

   stats enable

   stats uri /haproxy_Stats



#-

#   Mailer Configuration

#-

mailers aaamailer1

   mailer smtp1 172.16.0.x:2025





#-

#   Main Frontend

#-

frontend main_fe

   mode http

   bind *:80

   bind *:443 ssl crt /etc/pki/tls/haproxy.cert/haproxy_ucc.pem crt 
/etc/pki/tls/haproxy.cert ciphers 
ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM



### Redirect specific request to https

   option forwardfor

   option http-server-close



   http-request set-header X-Forwarded-Port %[dst_port]

   http-request add-header X-Forwarded-Proto https if { ssl_fc }



   acl backend_down nbsrv(def_backend) lt 1

   monitor fail if backend_down

   monitor-uri /haproxy_check



   acl dom_demo hdr_dom(host) -i demo.mydom1.net

   acl mydemo path_beg -i /Demo1

   use_backend sic_demo_be if dom_demo mydemo

   use_backend hsic_demo_be if dom_demo !mydemo



   acl leave_http hdr_dom(host) -i www.extdom1.it

   acl leave_http hdr_dom(host) -i www.extdom2.it

   acl leave_http hdr_dom(host) -i upd.mydom1.net

   redirect scheme https if !leave_http !{ ssl_fc }



###  for debug only

###

### response debug info

acl id_web1 srv_id 1

acl id_web4 srv_id 4

acl id_web10 srv_id 10

acl id_demo1_tom srv_id 200

acl id_demo1_iis srv_id 201

rspadd X-APS-Servedby:\ web1 if id_web1

rspadd X-APS-Servedby:\ web4 if id_web4

rspadd X-APS-Servedby:\ web10 if id_web10

rspadd X-APS-Servedby:\ demo1_tom if id_demo1_tom

rspadd X-APS-Servedby:\ demo1_iis if id_demo1_iis



   default_backend def_backend



#-

#   Main Backend

#-

backend def_backend

   mode http

   balance roundrobin

### Cookie Insert Method

   cookie ha_srvid insert indirect nocache



   email-alert mailers aaamailer1

   email-alert from aps.$haproxy_hostname@mydom.it

   email-alert to ale...@mydom.it

   email-alert myhostname smtp1

   email-alert level info



### app1 persistence

   acl c_web1 hdr_sub(cookie) ha_srvid=web1_

   acl c_web4 hdr_sub(cookie) ha_srvid=web4_

   acl c_web10 hdr_sub(cookie) ha_srvid=web10_

   reqadd X-APS-Backend-Server:\ web1_ if c_web1

   reqadd X-APS-Backend-Server:\ web4_ if c_web4

   reqadd X-APS-Backend-Server:\ web10_ if c_web10



#   acl aps_ass_web1 path_reg (.*)\/app_ass_UNIQUE_web1_(.*)

   acl aps_ass_web1 path_end /app_ass_UNIQUE_web1_

#   acl aps_ass_web4 path_reg (.*)\/app_ass_UNIQUE_web4_(.*)

   acl aps_ass_web4 path_end /app_ass_UNIQUE_web4_

#   acl aps_ass_web10 path_reg (.*)\/app_ass_UNIQUE_web10_(.*)

   acl aps_ass_web10 path_end /app_ass_UNIQUE_web10_

   use-server web1 if aps_ass_web1

   use-server web4 if aps_ass_web4

   use-server web10 if aps_ass_web10



   reqirep (.*)\/app_ass_UNIQUE_web[0-9]*_(.*) \1\2



   server web1  192.168.1.50:80 check inter 5s weight 

Fw:UL 5 years warranty Cree XTE Flood light with pccooler heatsink

[Miklly Lin]

 =20Hellomyfriend, 
GreetingofLuckyMikllyfromBoslin.Weareprofessionalmanufac=turerinledfloodlightsince2005.Newlyengineer=edproducts-UL5yearswarranty
 CreeXTE =Floodlightwithpccoolerheatsink.1) 
Higherlighteffect,CreeXTEisdiverging,=verybigtouchingarewithPCB2) 
Distributionofth=elight:LED+secondarydistributionofthelightreflector 
3)LEDdriver=contactwiththeheatsinkdirectlyandtheheatdissipationismuchst=ronger4)With
 U=LMeanwellDriver,full5yearswarranty.5)Pccoolerhe=atsink, 
Water-proofdesign(IP65)Yourcomments,=please!   Yours sincerely, 
 Miklly Lin (Sales=nbsp;manager)  BOSLIN 
Asia-BOSLINOptoe=lectronicsSciamp;TechGroupCo.,Ltd   Address: 
TaiHeRongnbsp=;Industrial Bldg A .LiaoKeng . Shiyan,Shenzhen ( =518108 )   
Website: www.simaoled.c=om Mob: +86-13026654358n=bsp;Skype: 
mikllysimaoled=nbsp;Wechat:= miklly0626 whatsap=p: +86 13026654358 
QQnbsp=;online: 137093301 Email:=nbsp;mik...@simaoled.com  

Re: HAProxy - Combination of SSL Termination and Pass through

[Baptiste]

On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal sandeep...@gmail.com wrote:
 Hi All,

 My use case is to Manipulate Request Headers of the incoming request.

 So, for this, I would need to create a new SSL certificate, but it seems at
 HTTP level.

 Can you please suggest if this is possible and how?


 Regards
 Sandeep Jindal
 201 604 5277


Hi Sandeep,

Simply create your certificate with openssl, and enable enable 'ssl'
and 'crt /path/to/your/cert' on your bind line in your HAProxy
frontend.

Baptiste

Re: http-response set-mark with value from http-response header field

[Baptiste]

Hi Vinay,

According to the documentation:

- set-tos is used to set the TOS or DSCP field value of packets sent to
  the client to the value passed in tos on platforms which support this.
  This value represents the whole 8 bits of the IP TOS field, and can be
  expressed both in decimal or hexadecimal format (prefixed by 0x)


It does not expect a log format variable as your trying to do.

Baptiste


On Sun, Jul 26, 2015 at 1:00 PM, Vinay Y S vinay...@gmail.com wrote:
 Actually I suppose the syntax could be same as sample fetches. For example:

 http-response set-tos %[res.hdr_val(X-Tos)]

 This syntax currently doesn't work. Is it possible to make this work easily?

 On Sun, Jul 26, 2015 at 3:45 PM Vinay Y S vinay...@gmail.com wrote:

 Hi,
 I would like to use set-mark and set-tos to values returned by the backend
 in the http-response header field. Is this possible?

 For example a syntax like this would be nice:
 http-response set-tos $http_resp_hdr[tos]

 Idea is to have backend determine the best value for tos and mark on a per
 request basis depending on the client ip address, client id etc. And then
 based on the tos  mark values I've my policy routing setup to choose
 outbound interface and traffic queues etc.

 Thanks,
 Vinay

SOLDES : Dernier week-end plus que 3 jours pour en profiter !

[Histoire d'Or]

 Profitez des soldes sur Histoiredor.com   
: 
http://p9tre.emv3.com/HP?b=7sKvSHIeLiEFcdHDSZjZ9Z1dXz64ybNcoM3svtpZ-_W2ssTQfGgMmFVpuEwtDgTBc=A5b5B55u57PChzv99zgrAQ
   Jusqu'à dimanche -50% sur une sélection de bijoux et de montres
 Un problème de visualisation ? Utilisez notre version en ligne: 
http://p9tre.emv3.com/HM?b=6lguMwHjKYeSdU3SA0W-qTGDLXhh9p45WE2_l00wAXVdjf9naLXQQBvsMbBM7s7Cc=2XQCoA_Juz3JXrbENfoh2g
.
 
   
: 
http://p9tre.emv3.com/HP?b=Hx0ctwijJZmO1l1TS_h7yv-bfpA4mv3UuTwbZj0wPOZ6BnJ_aSmkKEFcfMYESNpRc=Mt0Zcwq2NLF1mQdIbzNZJQ
 BIJOUX FEMMES: 
http://p9tre.emv3.com/HP?b=eSiqu3tQ_xsKF77ZnTASHRMVF5g3ZMe2TwHKhPb4TAoD7x12oZhDQ72f_LRZx2uAc=e04zbunsNxL4myEmOFP7NQ
  BIJOUX HOMMES: 
http://p9tre.emv3.com/HP?b=e6W9ia00loBdm0UCkqj1onpviqt3x5yVPnt7xb8ztjw6tD_CAh6Jrxl8VcRguRRTc=QBHinevHaYYynN8AMGFMWw
 MONTRES: 
http://p9tre.emv3.com/HP?b=QcbAeZf2FhlZGUSd0luXA8Kk6Jp58aEVYbSXUCVqMG6xY8NKXKFpyjA23tQbPW6Qc=smmYSpnC17queaV-6h48wg
  
: 
http://p9tre.emv3.com/HS?b=flzknsTIKkpHIJ4QBQsmzDZ63B8-OAFEtYeSc4WO7qcy6pAQpPq7VkivRKvQOtY9c=qof0N7Up1LRKGEzSulpA7Q
  
: 
http://p9tre.emv3.com/HP?b=9PJ1s54TuGmKC1ivMCo2BeFsJLlG6s8dypOqBg5dOxc5KiB8pd5wCN4LTZZYFrYic=0xXjRjYAhZsEk1GsKaY75g
  
: 
http://p9tre.emv3.com/HP?b=sHgdF58i96jHaKZPrRCqpQW_kdkU9Rw06DxWiS3ksTIsM-N4kB_Kg6eMcVJTg74fc=jk9CErNFIIG98cR_eZr82A
  
: 
http://p9tre.emv3.com/HP?b=6VYViRle5wRI7S0bWobfKcSB-8Ul8h2LfvnE8wKcp9Tea6mlPPUfTrSWnK8aT3J2c=p2T1PvPkornj4FvuHg1p7A
  
: 
http://p9tre.emv3.com/HP?b=SAExpkFamZR_RHca6IyWHyKKl9fU2JDPcSTt759gqXaBn_hZ85v_qOLvWfbJMEpfc=pHJx9cUzHAbXnCQo1yG0Qw
   
  
: 
http://p9tre.emv3.com/HP?b=ackuP8bTT8OkTF4FQSdw8IRPtVi9eBRhEWZ3bXWzbmvkxxHp4Tqr4tq0ysJSsQc6c=jyxvnOyXMyjen96TZd0BHg
   
   
  
: 
http://p9tre.emv3.com/HP?b=2NzofV0yaiLghBpoPfr9orhbcYUuHi73nJvNY4mbIjxn-zJHGX62MwbguYThKHMrc=9SYUkHWgpY-2NRCvAi5mLw
   
   
   
   
  
: 
http://p9tre.emv3.com/HP?b=Fln3czB6LlYvTgnVy5boi9-3gHfR8y1Qqczs5SkhDIKEhlA2WQ6yst_hnY26MlPCc=dM_cbLYVfejhgrID__lbHg
  
: 
http://p9tre.emv3.com/HP?b=Zwk06pkblHFxvBIJUq68fzatZx1m8D1N7VDZk6zs45QZUOOAr5ig1DCgDFE1cPyqc=k8M_rN3j64_OvA-tD762VA
 
 
: 
http://p9tre.emv3.com/HP?b=0CTl5Bk2a5L-p8O647sR1hd7jtufpEZsB-kmiI3Z4-RGRKuEQ-WD9v-QYq_5QQ2Lc=b6swtWn91ru3BKjJpw4ciQ
 Retrait sous 2H
 en magasin: 
http://p9tre.emv3.com/HP?b=otT52on0TD6bkRVpxzwVA95cy1U1OabGEYfT_cct2kysSHjWI45E33RuLBrS3uEQc=EVPv7ShqiWXtR18T1SPuAw
 
: 
http://p9tre.emv3.com/HP?b=vrGV0rnAwmIlSRBA5jdHpt_vygQxm_1JJxmxCA3zVQ317prCGzAiHg4AvPqZomp-c=8jAicoHxoge99O8hVYiPog
 Livraison gratuite
 à partir de 49€: 
http://p9tre.emv3.com/HP?b=jJwdZlNE2yUffTaRReBXV8y5gyc1IL9eosiCqstt2lKWHR8gsCpcMpJCgN17tN1uc=lsyrNuWWtIwypu79MBq6jw
 
: 
http://p9tre.emv3.com/HP?b=x_orAFobBlhmJk0fRHc-KTjnCWfL0S3AiNy68bmk4wGBxX3YQiRyr2WCt13REs9_c=BMzoH47RDPrUQyeq_enhEg
 30 jours pour
 changer d'avis: 
http://p9tre.emv3.com/HP?b=wbcdr2qSU3hQE8VgDzhuGKuiqi7bIEtt-Ljp6LmUZ1ViA_YjqTKTYILhzJs9KIKXc=ySwG6Y5oa-hOvv3gG05UWQ
 
: 
http://p9tre.emv3.com/HP?b=XCLM_zSzSpBgTSqJ_d6vk2yExpMMvSzM3qTI7snS-2sMUZNkdVNZaWP-chG9na0rc=gnSEztt0Uccu_cPkznr96A
 Paiement 100%
 sécurité: 
http://p9tre.emv3.com/HP?b=yoU_WTAKfEeFQ7MtFXJAF4TWLI9N-nbhZP-Q35dd-IlLHuAp4pZiw0MX3wu42c0Vc=_YNc8o8RUP_5CqWSDnyy-g
 
: 
http://p9tre.emv3.com/HP?b=nl4Om6aeoSvOzHhz0fj_mzTKoY0HnkHja_X3c8YXL8T4p3mxgb1pZmSwyKnawCAqc=zl_mIFgcRNEX8a2e-d9LKw
 Nos conseillers
 au 09 69 32 36 19: 
http://p9tre.emv3.com/HP?b=sYE3FodwdshuS9OojZF-OBMPlWxn2iBXyYoXtaA2kaDVkGFFoxRurXb_Hx-DMzpYc=E03ENYSSgWv5LtJzwIoMag
   
*Or 375/1000ème **Argent 925/1000ème. 

 (1) Remises applicables sur les articles désignés d'une pastille de 
couleur jusqu'au 23 juin 2015 inclus. La remise se fait automatiquement 
lors du passage de votre commande en ligne. Les offres ne sont pas 
cumulables avec toutes les autres remises ou opérations en cours. Les 
achats remisés n'incrémentent pas la carte de fidélité. 
 
 Histoire d'Or respecte votre vie privée. Si vous avez reçu ce message, 
c'est parce que vous nous avez communiqué votre adresse email et que 
vous avez accepté de recevoir une newsletter de la part de Histoire 
d'Or. En application de la loi informatique et libertés du 
06/01/1978, vous disposez d'un droit d'accès, de rectification et 
d'opposition sur les données vous concernant qui peut s'exercer par 
courrier à l'adresse suivante : Histoire d'Or - Service clients - 7 rue 
Saint Georges - 75009 Paris Vous recevez cet e-mail car vous êtes 
abonné à la newsletter Histoire d'Or ou êtes titulaire de la carte de 
fidélité Histoire.
 
 Avec plus de 350 points de vente, Histoire d'Or vous propose une large 
gamme de bijoux en or et argent. Les marques de montres les plus 
prestigieuses y sont distribuées. Dans un espace intime et convivial, 
une équipe de professionnels se tient à votre disposition pour vous 
guider dans votre choix. Pour satisfaire au mieux votre demande, nous 
disposons d'un atelier de réparation, transformation et création qui 
réalisera pour vous le bijou de vos rêves ! Votre 

Re: [PATCH] Add log-format variable %HQ, to log HTTP query strings

[Phillip Decker]

Andrew-

This patch works well for my use case.  Leaving the question mark in
mirrors the behavior of %q in httpd, fwiw.

Should it also print a hyphen in case the field is empty and the quotation
mode is not on? %HQ instead of %{+Q}HQ?

Phillip


On Fri, Jul 31, 2015 at 12:21 PM, Andrew Hayworth 
andrew.haywo...@getbraintree.com wrote:

 Since this came up in another thread, it seems reasonable to add a
 patch that implements %HQ as a log-format variable to record the HTTP
 query string. Leaving the initial '?' is intentional, but I don't feel
 strongly one way or another.

 --
 - Andrew Hayworth


 From b87770d5e513fc923d0d94d2b1d0de00d88acb98 Mon Sep 17 00:00:00 2001
 From: Andrew Hayworth andrew.haywo...@getbraintree.com
 Date: Fri, 31 Jul 2015 16:14:16 +
 Subject: [PATCH 1/1] Add log-format variable %HQ, to log HTTP query strings

 Since sample fetches are not always available in the response phase,
 this patch implements %HQ such that:

   GET /foo?bar=baz HTTP/1.0

 ...would be logged as:

   ?bar=baz
 ---
  doc/configuration.txt |  1 +
  include/types/log.h   |  1 +
  src/log.c | 38 ++
  3 files changed, 40 insertions(+)

 diff --git a/doc/configuration.txt b/doc/configuration.txt
 index db97cc7..b3ba8a0 100644
 --- a/doc/configuration.txt
 +++ b/doc/configuration.txt
 @@ -13987,6 +13987,7 @@ Please refer to the table below for currently
 defined variables :
|   | %H   | hostname  | string
   |
| H | %HM  | HTTP method (ex: POST)| string
   |
| H | %HP  | HTTP request URI without query string (path)  | string
   |
 +  | H | %HQ  | HTTP request URI query string (ex: ?bar=baz)  | string
   |
| H | %HU  | HTTP request URI (ex: /foo?bar=baz)   | string
   |
| H | %HV  | HTTP version (ex: HTTP/1.0)   | string
   |
|   | %ID  | unique-id | string
   |
 diff --git a/include/types/log.h b/include/types/log.h
 index bbfe020..d0fb966 100644
 --- a/include/types/log.h
 +++ b/include/types/log.h
 @@ -96,6 +96,7 @@ enum {
   LOG_FMT_HTTP_METHOD,
   LOG_FMT_HTTP_URI,
   LOG_FMT_HTTP_PATH,
 + LOG_FMT_HTTP_QUERY,
   LOG_FMT_HTTP_VERSION,
   LOG_FMT_HOSTNAME,
   LOG_FMT_UNIQUEID,
 diff --git a/src/log.c b/src/log.c
 index ffd8f10..1112f8a 100644
 --- a/src/log.c
 +++ b/src/log.c
 @@ -111,6 +111,7 @@ static const struct logformat_type
 logformat_keywords[] = {
   { hsl, LOG_FMT_HDRRESPONSLIST, PR_MODE_TCP, LW_RSPHDR, NULL },  /*
 header response list */
   { HM, LOG_FMT_HTTP_METHOD, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP
 method */
   { HP, LOG_FMT_HTTP_PATH, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP path */
 + { HQ, LOG_FMT_HTTP_QUERY, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP query
 */
   { HU, LOG_FMT_HTTP_URI, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP full
 URI */
   { HV, LOG_FMT_HTTP_VERSION, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP
 version */
   { lc, LOG_FMT_LOGCNT, PR_MODE_TCP, LW_INIT, NULL }, /* log counter */
 @@ -937,6 +938,7 @@ int build_logline(struct stream *s, char *dst,
 size_t maxsize, struct list *list
   struct chunk chunk;
   char *uri;
   char *spc;
 + char *qmark;
   char *end;
   struct tm tm;
   int t_request;
 @@ -1578,6 +1580,42 @@ int build_logline(struct stream *s, char *dst,
 size_t maxsize, struct list *list
 last_isspace = 0;
 break;

 + case LOG_FMT_HTTP_QUERY: // %HQ
 +   uri = txn-uri ? txn-uri : BADREQ;
 +
 +   if (tmp-options  LOG_OPT_QUOTE)
 + LOGCHAR('');
 +
 +   end = uri + strlen(uri);
 +   // look for the first question mark
 +   while (uri  end  *uri != '?')
 + uri++;
 +
 +   qmark = uri;
 +
 +   // look for first space or question mark after url
 +   while (uri  end  !HTTP_IS_SPHT(*uri))
 + uri++;
 +
 +   if (!txn-uri) {
 + chunk.str = BADREQ;
 + chunk.len = strlen(BADREQ);
 +   } else {
 + chunk.str = qmark;
 + chunk.len = uri - qmark;
 +   }
 +
 +   ret = encode_chunk(tmplog, dst + maxsize, '#', url_encode_map,
 chunk);
 +   if (ret == NULL || *ret != '\0')
 + goto out;
 +
 +   tmplog = ret;
 +   if (tmp-options  LOG_OPT_QUOTE)
 + LOGCHAR('');
 +
 +   last_isspace = 0;
 +   break;
 +
   case LOG_FMT_HTTP_URI: // %HU
 uri = txn-uri ? txn-uri : BADREQ;

 --
 2.1.3

Offre de téléphonie tout compris plus tablette offert

[Estelle Orange Business]

Si  vous ne visualisez pas ce message, cliquez-ici pour la version en ligne
  
  




TEacute;LEacute;PHONIE D'ENTREPRISE



Mobile + Fixe + Internet + Standard







DEMANDEZ DES MAINTENANT



VOTRE DIAGNOSTIC GRATUIT ET VEacute;RIFIER COMBIEN
 NOUS POUVONS VOUS FAIRE ECONOMISER




UN IPAD AIR 2 OFFERT*




Demande de diagnostic avant le 25/07/2015

*valable dans la limite des stocks disponibles pour toute offre commerciale 
accepteacute;e




  

  

  
  

  



  

  
  

  

  




NOS SOLUTIONS




  


Appels illimiteacute;s 24h/24, 7j/7


Rachat de vos contrats en cours
  





  
(France, Europe, USA,…)

Conservation de tous vos numeacute;ros
  





  


Interlocuteur Unique

Facture simplifieacute;e
  









  
  
Cet e-mail est envoyeacute; agrave; haproxy@formilux.org, en 
conformeacute;ment agrave; l'article 34 de la loi 78-17 du 6 janvier 1978
relative agrave; l'informatique, aux fichiers et aux liberteacute;s, vous 
disposez d'un droit d'accès, de rectification
et d'opposition,  aux informations vous concernant. Si vous n'ecirc;tes pas le 
destinataire, s'il vous plaît

informez-nous. Si vous souhaitez vous deacute;sabonner de cet e-mail, 
cliquez ici.

RE: use_server

[mlist]

1. One you haven't met yet : your reqirep pattern will delete the / 
at the beginning, which may produce some 400 Bad Request on the backend.

Example :
GET /aps_ass_UNIQUE_web1_index.html HTTP/1.1
will be replaced by
GET index.html HTTP/1.1

reqirep (.*)\/aps_ass_UNIQUE_web[0-9]*_(.*) \1\2
The substitution works well I think... as (.*) comprises also / then 
reporting all after aps_ass_UNIQUE_web[0-9]*_


2. reqirep is executed *BEFORE* the evaluation of user-server. So the 
routing information has already disappeared when it is time to choose a 
server with use-server.

Ok. Thanks. There are not so many info on precedence haproxy uses in various 
stages.

3. Without any other details (please provide a more complete 
configuration next time), I assume that you'll meet another issue due to 
cookie persistence. You'll probably want to have a look to force-persist.

Why not choosing a combination of cookie persistence and force-persist 
instead of doing some magic with the urls ?

How can I do that ?

Can you tell me how make an acl that check inserted cookie ?

We use 

cookie ha_aps_srvid insert indirect nocache

server web1  192.168.1.50:80 check inter 5s weight 50 cookie web1
server web4  192.168.1.50:80 check inter 5s weight 50 cookie web4
server web10  192.168.1.50:80 check inter 5s weight 50 cookie web10

Roberto

-Original Message-
From: Cyril Bonté [mailto:cyril.bo...@free.fr] 
Sent: mercoledì 29 luglio 2015 16.33
To: mlist; haproxy@formilux.org
Subject: Re: use_server

Hi,

On 29/07/2015 13:07, mlist wrote:
 We have 3 backend servers balanced with haproxy with cookie insert option 
 and ssl redirection.
 For our help desk, we need operators can access a specific backend server to 
 check specific server when we have problems on this backend server.

 We try to do that with the following section, so no hosts file nor DNS 
 mapping and special binding on backend servers are needed to access specific 
 backend server, maintaining the right cookie after use_server.

 We have 3 backend servers: web1, web4 and web10. We want to go on:
 web1 if in the URL haproxy find  aps_ass_UNIQUE_web1_  - ex: 
 http://mydomain/app1/aps_ass_UNIQUE_web1_
 web4 if in the URL haproxy find  aps_ass_UNIQUE_web4_  - ex: 
 http://mydomain/app1/aps_ass_UNIQUE_web4_
 web4 if in the URL haproxy find  aps_ass_UNIQUE_web10_  - ex: 
 http://mydomain/app1/aps_ass_UNIQUE_web10_

 Following configuration does not work, can you help to identify a solution ?

 acl aps_ass_web1 path_reg (.*)\/aps_ass_UNIQUE_web1_(.*)
 acl aps_ass_web4 path_reg (.*)\/aps_ass_UNIQUE_web4_(.*)
 acl aps_ass_web10 path_reg (.*)\/aps_ass_UNIQUE_web10_(.*)
 reqirep (.*)\/aps_ass_UNIQUE_web[0-9]*_(.*) \1\2
 use-server web1 if aps_ass_web1
 use-server web4 if aps_ass_web4
 use-server web10 if aps_ass_web10

I see several issues here.

1. One you haven't met yet : your reqirep pattern will delete the / 
at the beginning, which may produce some 400 Bad Request on the backend.

Example :
GET /aps_ass_UNIQUE_web1_index.html HTTP/1.1
will be replaced by
GET index.html HTTP/1.1

2. reqirep is executed *BEFORE* the evaluation of user-server. So the 
routing information has already disappeared when it is time to choose a 
server with use-server.

3. Without any other details (please provide a more complete 
configuration next time), I assume that you'll meet another issue due to 
cookie persistence. You'll probably want to have a look to force-persist.

Why not choosing a combination of cookie persistence and force-persist 
instead of doing some magic with the urls ?

-- 
Cyril Bonté

-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.