Is it possible to capture the body of http responses?

[Ryan Burn]

I'm working on integrating HAProxy with traceable.ai's security product.

As part of the integration, we'd like to capture the contents of any http
responses processed by HAProxy and send them to a service either via SPOA
or an RPC call from Lua. The response contents are used by the product to
help identify possible security threats.

I've tried a few things, but haven't found a reliable way to capture the
contents of response bodies. Is this possible with HAProxy?

Here are the approaches I've explored so far:

1. I used the "res.body" fetch but that only provides the contents
sometimes (I presume if it's available in a buffer):
https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/extcap.conf#L19

2. I also tried accessing the contents of the response channel from a Lua
action, but that fails with "Cannot manipulate HAProxy channels in HTTP
mode"
https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/response.lua#L5

stable-bot: Bugfixes waiting for a release 2.4 (11), 2.3 (7), 2.0 (1)

[stable-bot]

Hi,

This is a friendly bot that watches fixes pending for the next haproxy-stable 
release!  One such e-mail is sent periodically once patches are waiting in the 
last maintenance branch, and an ideal release date is computed based on the 
severity of these fixes and their merge date.  Responses to this mail must be 
sent to the mailing list.


Last release 2.4.2 was issued on 2021-07-07.  There are currently 11 
patches in the queue cut down this way:
- 2 MEDIUM, first one merged on 2021-07-27
- 9 MINOR, first one merged on 2021-07-15

Thus the computed ideal release date for 2.4.3 would be 2021-08-12, which was 
within the last week.

Last release 2.3.12 was issued on 2021-07-08.  There are currently 7 
patches in the queue cut down this way:
- 2 MEDIUM, first one merged on 2021-07-27
- 5 MINOR, first one merged on 2021-07-27

Thus the computed ideal release date for 2.3.13 would be 2021-08-24, which is 
in two weeks or less.

Last release 2.0.23 was issued on 2021-07-16.  There are currently 1 
patches in the queue cut down this way:
- 1 MEDIUM, first one merged on 2021-07-29

Thus the computed ideal release date for 2.0.24 would be 2021-10-27, which is 
in eleven weeks or less.

The current list of patches in the queue is:
 - 2.0   - MEDIUM  : tcp-check: Do not dereference 
inexisting connection
 - 2.3, 2.4  - MEDIUM  : ssl_sample: fix segfault for srv 
samples on invalid request
 - 2.3, 2.4  - MEDIUM  : mworker: do not register an exit 
handler if exit is expected
 - 2.4   - MINOR   : ssl: Default-server configuration 
ignored by server
 - 2.4   - MINOR   : mux-h1: Be sure to swap H1C to splice 
mode when rcv_pipe() is called
 - 2.3, 2.4  - MINOR   : systemd: must check the configuration 
using -Ws
 - 2.3, 2.4  - MINOR   : check: fix the condition to validate a 
port-less server
 - 2.3, 2.4  - MINOR   : resolvers: Use a null-terminated 
string to lookup in servers tree
 - 2.3, 2.4  - MINOR   : mux-h2: Obey dontlognull option during 
the preface
 - 2.4   - MINOR   : stats: Add missing agent stats on 
servers
 - 2.4   - MINOR   : mux-h1: Obey dontlognull option for 
empty requests
 - 2.3, 2.4  - MINOR   : mworker: do not export 
HAPROXY_MWORKER_REEXEC across programs

-- 
The haproxy stable-bot is freely provided by HAProxy Technologies to help 
improve the quality of each HAProxy release.  If you have any issue with these 
emails or if you want to suggest some improvements, please post them on the 
list so that the solutions suiting the most users can be found.

Advertising Options / Sponsored Content Options on haproxy.org

[krist...@audiencr.com]

Hi there,



We’re currently working on behalf of a major industry-leading client trying
to enhance their brand via editorial content.



Whilst looking for opportunities, we came across your website haproxy.org



Please let us know the pricing and options to place sponsored content on
your website.



We can provide you with a high-quality piece of content, fitting your
website audience. We’ll include citations and images, so as to make the
content naturally resonate with your readers.



Furthermore, if you are interested in publishing sponsored content
on websites/blogs owned by your company, please send us more details with
the below info:



- Website URLs

- Pricing

- Linking restrictions (Nofollowetc)

- Any restrictions about the content or outgoing links



Let me know and we can get something started.



Best Regards,

-- 

[image: beacon]