Re: Stick on extracted regex value from header

2013-02-28 Thread Baptiste
-Custom-Authorization) 2 you can add as many values as you want. Baptiste

Re: Unknown host

2013-03-06 Thread Baptiste
Hi, Maybe DNS resolution has expired and HAProxy gets a NXdomain when it tries to resolve it. Baptiste On Wed, Mar 6, 2013 at 2:06 PM, Matthieu Boret mbore...@gmail.com wrote: Hi, I have a strange and random problem with Haproxy. Sometimes, I have an error when I'm trying to reload

Re: a cleaner/correct way to filter by IP/destination?

2013-03-13 Thread Baptiste
Hi Jay, This may work if /stats is not hosted on same servers as application servers. You should better use something like : block if is_stats !is_owner or better: (latest haproxy 1.5): http-request deny if is_stats !is_owner Baptiste On Wed, Mar 13, 2013 at 9:22 PM, Jay Christopherson

Re: Haproxy 1.5 dev 17 - stick store-response hdr(val) not working

2013-03-13 Thread Baptiste
, smp_fetch_base32_src, 0, NULL,SMP_T_BIN, SMP_CAP_L7|SMP_CAP_REQ }, I'll talk to Willy to know whether pattern extraction should follow the acl naming rule (hdr for client side and shdr for server side). Baptiste On Mon, Mar 11, 2013 at 6:06 PM, Geoff Bucar viralb...@gmail.com wrote

Re: Haproxy mime-type block

2013-03-14 Thread Baptiste
Hi, HAProxy can't analyse DATA in your POST. But if you're able to put the file name in a HTTP header when forging the POST request, then we may help you. Baptiste On Thu, Mar 14, 2013 at 3:52 AM, Leo Raikhman raikh...@gmail.com wrote: Hi, I run a web farm behind haproxy 1.5dev17 with native

Re: Active/active HAProxy

2013-03-19 Thread Baptiste
layer of Layer 4 LoadBalancers using LVS or some routing protocols (or Cisco ECMP). Baptiste On Tue, Mar 19, 2013 at 12:39 AM, Jérôme Benoit jerome.ben...@grenouille.com wrote: Hello, I'm starting to think about a way to setup an active/active HAProxy. HAProxy can share as of 1.5 its

Re: transaction alert

2013-03-19 Thread Baptiste
to a spammer or somebody whose mail has been abused... Baptiste

Re: use_backend: brackets/grouping not accepted in condition

2013-03-21 Thread Baptiste
if request_domain1 allowed_ip_foo use_backend backend_test if request_domain1 allowed_ip_bar Baptiste On Thu, Mar 21, 2013 at 6:25 PM, Christian Ruppert c.rupp...@babiel.com wrote: Hi Guys, I just tried to simplify some rules and I noticed that brackets {} doesn't work with use_backend while it works

Re: Please help to configure Haproxy with SSL support

2013-03-21 Thread Baptiste
I actually started with http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/ , but that's out of date; the sni options have changed. Hi Robin I fixed the article today. Baptiste

Re: Counting number given session cookies used by sticky load balancer?

2013-03-21 Thread Baptiste
of sessions: echo show table | socat /var/run/haproxy.stats - The backend name is used for the table name. Just look for the number right after used. This requires HAProxy 1.5. Baptiste On Thu, Mar 21, 2013 at 8:06 PM, VERMEERBERGEN Alexandre alexandre.vermeerber...@3ds.com wrote: Hello, I have

Re: Please help to configure Haproxy with SSL support

2013-03-21 Thread Baptiste
no, as per our explanation and your request, there is a single cert in HAProxy. Unless you want to recypher traffic to your tomcat servers. Baptiste On Fri, Mar 22, 2013 at 5:51 AM, Eswaramoorthy R ram.eas...@gmail.comwrote: Thanks all so much for your help and also for updating the article

Re: Please help to configure Haproxy with SSL support

2013-03-22 Thread Baptiste
you *really* need, then choose the right product. HAProxy or an other one. Don't do the opposite: choose the product then try to arrange your needs to fit the product you chose... ~Eswar On Fri, Mar 22, 2013 at 10:40 AM, Baptiste bed...@gmail.com wrote: no, as per our explanation and your

Re: tuning maxconn and nbproc

2013-03-25 Thread Baptiste
Hi Guys, A short article explaining HAProxy's server maxconn benefits: http://blog.exceliance.fr/2011/06/28/play_with_maxconn_avoid_server_slowness_or_crash/ Baptiste

Re: Sessions when a server doesn't answer anymore

2013-03-26 Thread Baptiste
Hi Christophe, This issue should not happen. Please share your backend configuration here. Baptiste On Tue, Mar 26, 2013 at 10:43 AM, Chris Sarginson ch...@sargy.co.uk wrote: You would probably need to look at something like this: http://technet.microsoft.com/en-us/library/cc753897(v=ws.10

Re: Sessions when a server doesn't answer anymore

2013-03-26 Thread Baptiste
On Tue, Mar 26, 2013 at 11:16 AM, Chris Sarginson ch...@sargy.co.uk wrote: On 26/03/2013 10:11, Baptiste wrote: Hi Christophe, This issue should not happen. Please share your backend configuration here. Baptiste Could this not occur in an instance where cookies were being used

Re: Sessions when a server doesn't answer anymore

2013-03-26 Thread Baptiste
on their attributed server. Actually, the best would to do cookie based persistence, either through cookie insert or cookie prefix. Baptiste

Re: haproxy in the sky

2013-04-01 Thread Baptiste
Yeah, brilliant, it passed over versailles, 1h after leaving your flat :) Fun to see how far it's going to go! Baptiste On Mon, Apr 1, 2013 at 2:12 PM, david rene comba lareu shadow.of.sou...@gmail.com wrote: Hi, very cool ! thanks for sharing it :) Regards, Shadow. 2013/4/1 Willy

Re: How to turn on/off maintenance page in a smart way?

2013-04-02 Thread Baptiste
the servers: echo disable server bk_app1/srv1 | socat /var/run/haproxy.socket - Baptiste On Tue, Apr 2, 2013 at 8:42 AM, Unai Rodriguez u...@sysbible.org wrote: Dear List, We have a number of applications behind HAProxy. Sometimes we need to put one of the applications in maintenance mode (i.e

Re: Rate limit URL or src IP

2013-04-02 Thread Baptiste
/ Baptiste On Tue, Apr 2, 2013 at 10:11 AM, Sander Klein roe...@roedie.nl wrote: Hi All, I know this question has been asked more times, but currently I'm experiencing some problems with some people harvesting data from our websites at high rates. I would like to block them based on the URL

Re: Stickiness lost after failover

2013-04-03 Thread Baptiste
Hi, Better using stick tables with store-response and store-request to replace your appsession configuration. that way, you can reload your haproxy without loosing persistence information. It also allows you to have a cluster of HAProxy sharing the same persistence information. Baptiste On Wed

Re: haproxy-dev18 http-request

2013-04-03 Thread Baptiste
Hi, You want to use anonymous ACLs which requires brackets '{' and '}', like: http-request set-header X-Forwarded-Proto https if { ssl_fc } Baptiste On Wed, Apr 3, 2013 at 11:15 AM, Sander Klein roe...@roedie.nl wrote: Hi, I try to do the following in my haproxy (dev18) config: http

Re: haproxy-dev18 http-request

2013-04-03 Thread Baptiste
Ah sorry, I misread! http-request set-header X-Frontend-SSL %[ssl_fc] https %[ssl_fc] will be 0 in case of HTTP and 1 in case of SSL. You can't setup an ACL after the set-header directive. Baptiste On Wed, Apr 3, 2013 at 12:09 PM, Sander Klein roe...@roedie.nl wrote: Hmmm, nope

Re: Stickiness lost after failover

2013-04-03 Thread Baptiste
I'm planning to write an article on exceliance's blog about it, because the question is ask very often. Baptiste On Wed, Apr 3, 2013 at 2:45 PM, Thomas Heil h...@terminal-consulting.dewrote: Hi David, On 03.04.2013 13:10, David Coulson wrote: On 4/3/13 5:36 AM, Baptiste wrote: Better

Re: url_param not working with stick-table

2013-04-04 Thread Baptiste
By default, url_param search for a parameter after the question mark (?). The configuration above overwrite this by looking for your cookie from the semi-colon (;). Note: you must be running a recent 1.5dev haproxy, preferably the dev 18. Baptiste On Thu, Apr 4, 2013 at 12:08 PM, Will Glass-Husain wgl

Re: url_param not working with stick-table

2013-04-05 Thread Baptiste
://example.com/foo?PHPSESSIONID=some_id stick on url_param(PHPSESSIONID) # match http://example.com/foo;JSESSIONID=some_id stick on url_param(JSESSIONID,;) --8-- I can't see how much simpler I could have done it. Any feedback and thought is welcome! Baptiste On Fri

Re: Header whitelist possible?

2013-04-08 Thread Baptiste
Hi, You can add conditions through ACLs and decide to reqdel/reqdeny IF or UNLESS the acl matched. It may worth a try. Baptiste On Mon, Apr 8, 2013 at 2:56 PM, Hannes Haug han...@haug.com wrote: Hi all Reqdel/reqidel delete all headers matching a regex and reqdeny/reqideny deny an HTTP

Re: req_ssl_sni domain matching subdomains

2013-04-08 Thread Baptiste
Hi, Doesn't seem doable for now. But might not be too complicated to add. Maybe Emeric can confirm ;) Baptiste On Mon, Apr 8, 2013 at 12:12 PM, Georg Leciejewski g...@salesking.de wrote: Is there any way to use req_ssl_sni to route to a wildcard subdomains site? I know i can terminate ssl

Re: haproxy hit 100% CPU

2013-04-11 Thread Baptiste
Hi, We are also interested by your configuration file (remove any data such as public IP and passwords) and some extract of your logs. And more explanation about the type of application you're load-balancing. Baptiste On Fri, Apr 12, 2013 at 7:06 AM, Henry Qian henry.q...@datasphere.com wrote

Re: HAProxy crashing on start

2013-04-13 Thread Baptiste
Ah brilliant ! I was investigating an issue where the table synchronization only synchronise 24 characters between 2 HAProxy hosts... I guess this fix also fix my bug ;) Baptiste On Fri, Apr 12, 2013 at 12:54 AM, Willy Tarreau w...@1wt.eu wrote: On Thu, Apr 11, 2013 at 03:44:33PM -0700

Fwd: Can't get client side certificate to work (repost)

2013-04-13 Thread Baptiste
-- Forwarded message -- From: Baptiste bed...@gmail.com Date: Sat, Apr 13, 2013 at 4:23 PM Subject: Re: Can't get client side certificate to work (repost) To: Lukas Tribus luky...@hotmail.com Cc: Thomas Dudziak tom...@gmail.com, haproxy@formilux.org haproxy@formilux.org Hi Thomas

Re: how to limit access to only 50 users and redirect the others

2013-04-17 Thread Baptiste
, it may be a bit more complicated to do. You can find an example of how you can do this using stick tables here: http://blog.exceliance.fr/2012/09/19/application-delivery-controller-and-ecommerce-websites/ This is the overusage protection section. Baptiste On Wed, Apr 17, 2013 at 2:09 PM, Mikael

Re: HAProxy on FreeBSD 8.3 with transparent proxying (TProxy?)

2013-04-17 Thread Baptiste
, so if the server try to reach the client directly, this one would refuse the connection. Baptiste On Wed, Apr 17, 2013 at 8:01 PM, PiBa-NL piba.nl@gmail.com wrote: I forgot to mention im using HAproxy 1.5dev18. Hello HAProxy developers/users, I would like to be able to run HAProxy

Re: stick on src same source ip send request to different server port

2013-04-17 Thread Baptiste
Yes, as long as you use them in the same backend or you point one backend to the other one. An example for a persistence for both IMAP and SMTP: http://blog.exceliance.fr/2011/07/14/send-users-to-the-same-server-for-imap-and-smtp/ Baptiste On Thu, Apr 18, 2013 at 2:58 AM, William Wu william

Re: Re-distributing the sticky table

2013-04-18 Thread Baptiste
Hi, you can clear the table content when all your servers have started up and are in the farm. Use the HAProxy stats socket and the clear table statement. Baptiste On Thu, Apr 18, 2013 at 8:08 AM, sol myr solmy...@yahoo.com wrote: Hi, We have stickiness, but would like to re-distribute

Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013

2013-04-22 Thread Baptiste
: http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/ Baptiste On Fri, Apr 19, 2013 at 8:53 PM, Connelly, Zachary (CGI Federal) zachary.conne...@cgifederal.com wrote: HAProxy list, I am currently working to implement SSL within HAProxy using the 1.5-dev18 version

Re: Sharing stick stable with 2 instances

2013-04-22 Thread Baptiste
There are pros and cons about source IP persistence and source IP hashing load-balancing. This is fun cause this morning, I thought it should deserve an article on my company's blog! I'll write it today and paste the link here. Hopefully it will help you. Baptiste On Fri, Apr 19, 2013 at 8:53

Re: Sharing stick stable with 2 instances

2013-04-22 Thread Baptiste
Hop, here it is: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ On Mon, Apr 22, 2013 at 8:45 AM, Baptiste bed...@gmail.com wrote: There are pros and cons about source IP persistence and source IP hashing load-balancing. This is fun cause

Re: Sharing stick stable with 2 instances

2013-04-22 Thread Baptiste
Hi Les, You may want to try set table statement on HAProxy's socket. Baptiste On Mon, Apr 22, 2013 at 8:38 PM, Les Stroud l...@lesstroud.com wrote: Is it possible, with this approach to ‘edit’ the stick table? For instance, there are certain conditions where I need to move a group

Re: urls in stick-table, any timeline?

2013-04-22 Thread Baptiste
Hi Ahmed, Yes, it has been implemented. You can store a URL and rate limited on it. Baptiste On Mon, Apr 22, 2013 at 11:15 PM, S Ahmed sahmed1...@gmail.com wrote: Hello, Has this feature been released yet by any change? :) Again my initial request was to do: I was told that soon you

Re: Failed to use the source address for outgoing connections

2013-04-22 Thread Baptiste
Hi, Have you tried moving the source statement directly in the backend? (just to confirm it works as expected). Baptiste On Tue, Apr 23, 2013 at 6:27 AM, Godbach nylzhao...@gmail.com wrote: Hi, all I have tested 'source' config in haproxy-1.5-dev18, but it didn't work with the following

Re: tcp loadbalancing

2013-04-23 Thread Baptiste
Hi, Could you take a capture of this check from the server? In TCP mode, HAProxy manages buffers and just forward them in both ways (client to server and vice-versa). Baptiste On Wed, Apr 24, 2013 at 4:59 AM, ZeN z...@pix.co.id wrote: Hello please bear with because i'm new with haproxy

Re: fullconn

2013-04-23 Thread Baptiste
to fullconn. I hope this is a bit more clearer. Baptiste On Tue, Apr 23, 2013 at 11:22 AM, Jose María Zaragoza demablo...@gmail.com wrote: Hello: I'm reading about fullconn parameter in https://code.google.com/p/haproxy-docs/wiki/fullconn and I don't get the example # The servers

Re: appsession not sticking?

2013-04-23 Thread Baptiste
Hi Mattew, You can first send us your configuration :) Browser are supposed to send cookies over 2 different connections for the same domain. So maybe you could log the Host header and the Set-Cookie header as well. Baptiste On Tue, Apr 23, 2013 at 11:54 AM, Matthew Wild mwi...@gmail.com wrote

Re: urls in stick-table, any timeline?

2013-04-24 Thread Baptiste
Hi, Last question: Will you have one URL per client? I mean will the query string change with each client? Then do you want to rate limit each client individually or do you want to rate limit the number of call to the script named other as a whole in your example? Baptiste On Wed, Apr 24, 2013

Re: urls in stick-table, any timeline?

2013-04-25 Thread Baptiste
of my head, any issues, please let me know. And please let me know if it works in your case. Baptiste On Thu, Apr 25, 2013 at 4:49 PM, S Ahmed sahmed1...@gmail.com wrote: Each client (might be upto 100K of them) will have a unique URL, let me clarify the url: client#123 api.example.com

Re: track log sessions

2013-04-26 Thread Baptiste
Hi, Capture cookie doesn't change anything, it adds to the log line the cookie value! pretty simple and straight forward, and this is how people usually track users. Of course, you must enable HTTP logging, turn your frontend in HTTP mode as well. Baptiste On Fri, Apr 26, 2013 at 9:39 AM

Re: my first steps with haproxy config

2013-04-28 Thread Baptiste
Hi, Please read the article below: http://blog.exceliance.fr/2011/09/28/aloha-load-balancer-as-a-reverse-proxy/ And focus on the frontend section, you may find the big picture of how to achieve what you want. Then, read haproxy doc to find the right ACL for your needs. Baptiste On Sat, Apr 27

Re: haproxy multiple certificates handling

2013-04-29 Thread Baptiste
(but the article describes how to USE SNI to route traffic): http://blog.exceliance.fr/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ Baptiste On Mon, Apr 29, 2013 at 2:36 PM, Smain Kahlouch smain...@gmail.com wrote: Hello, I wanted to know if it's

Re: Limit frontend bandwidth rate?

2013-05-04 Thread Baptiste
are not available anymore or won't work as expected. That's why it is usually recommended to turn on the option http-server-close. Baptiste On Sat, May 4, 2013 at 4:32 PM, Godbach nylzhao...@gmail.com wrote: On Thu, May 02, 2013 at 03:22:33PM +0800, Delta Yeh wrote: Is server side keepalive

Re: HTTP body manipulation

2013-05-10 Thread Baptiste
Hi, No, it's not possible. HAProxy can manipulate only URLs and headers, in both requests and responses. Baptiste On Fri, May 10, 2013 at 7:21 AM, Nathan Reilly narama...@gmail.com wrote: Hello all, Is content manipulation is possible with haproxy, similar to mod_sed or mod_ext_filter

Re: Peer/Failover options for HAProxy

2013-05-10 Thread Baptiste
Hi Zack, The peers in HAProxy are available only for synchronizing data content from stick tables. If you want a failover to occur you must use a tool to force an IP failover, like keepalived's vrrp ability. Baptiste On Thu, May 9, 2013 at 9:56 PM, Connelly, Zachary (CGI Federal) zachary.conne

Re: keep alive on both client and server side and x-forwarded-for

2013-05-10 Thread Baptiste
Hi, No, there is no way for this for now. If you need to know client IP, you can switch to Transparent proxy or to the Proxy protocol (but this option may ask you to rewrite some code on your server). Baptiste On Thu, May 9, 2013 at 4:10 PM, hapr...@serverphorums.com wrote: Hi All, I have

Re: log X-Forwarded-For in haproxy log

2013-05-10 Thread Baptiste
Hi Pedro, You can use the log-format statement available in HAProxy 1.5. Everything is explained in the doc. If you need more help, please let us know. Baptiste On Thu, May 9, 2013 at 3:21 PM, Pedro Mata-Mouros pedro.matamou...@sapo.pt wrote: Hi, Picking up this old thread, is there a way

Re: haproxy configuration to use forwardfor with websockets

2013-05-10 Thread Baptiste
information here about HTTP, websocket and HAProxy: http://blog.exceliance.fr/2012/11/07/websockets-load-balancing-with-haproxy/ Baptiste On Fri, May 10, 2013 at 9:30 AM, Peter Saitz peter.sa...@gmail.com wrote: I am having problem where my app server is not able to retrieve X-FORWARDED-FOR being

Re: haproxy configuration to use forwardfor with websockets

2013-05-10 Thread Baptiste
euh That's what I said. You can only insert it during the websocket establishment phase. I think Peter wants to have the IP information for each data sent by the client on the websocket. which is not doable. Well, that's my understanding. Baptiste On Fri, May 10, 2013 at 10:30 PM, Willy

Re: haproxy configuration to use forwardfor with websockets

2013-05-11 Thread Baptiste
Hi Peter, At first sight, I can't see any reason why HAProxy would not insert the X-Forwarded-For header. Baptiste On Sat, May 11, 2013 at 7:26 PM, Peter Saitz peter.sa...@gmail.com wrote: One more question if I may: The haproxy.cfg file I attached, if you examine it, does options there make

Re: haproxy configuration to use forwardfor with websockets

2013-05-13 Thread Baptiste
to fail over to source IP load-balancing or persistence, which is not exactly the same. More details here: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ Baptiste

Re: haproxy configuration to use forwardfor with websockets

2013-05-13 Thread Baptiste
Hi, Since all first request won't have the cookie (whatever the browser), the only way to fix your issue is to use source IP laod-balancing or source IP persistence, don't make any difference between browsers. Baptiste On Mon, May 13, 2013 at 8:41 AM, Peter Saitz peter.sa...@gmail.com wrote

Re: stick-table and URL

2013-05-13 Thread Baptiste
it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Luís rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration

Re: stick-table and URL

2013-05-13 Thread Baptiste
-server rules are evaluated. Baptiste On Tue, May 14, 2013 at 7:47 AM, Emeric BRUN eb...@exceliance.fr wrote: Hi, I'am not sure the baptiste trick is usable. Please prefer use-server statement: cookie SERVERID insert indirect nocache use-server ip1 if { url_param(SERVERID) memtom1

Re: stick-table and URL

2013-05-14 Thread Baptiste
rules are evaluated. The use-server does not match a cookie but an url parameter. So we don't care about cookie is present or not. AHAHA, good catch :) Regards, Emeric Baptiste

Re: stick-table and URL

2013-05-14 Thread Baptiste
be the number of servers actually). Well, that's my point of view. Baptiste

Re: Transparent proxy mode

2013-05-18 Thread Baptiste
configured iptables? Please share with us your procedure and we may be able to help. Baptiste On Fri, May 17, 2013 at 6:12 PM, Lionel PASCAL lionel.pas...@ac-clermont.fr wrote: I ‘m on ubuntu 12.04 LTS Kernel 3.2.0-40-generic I’m trying to enable transparent proxy mode but it does not work

Re: change in stick-table mapping

2013-05-26 Thread Baptiste
Hi Will, From your configuration, the application server is supposed to setup the SIMULATE_STICKY_SESSION. Can you confirm it is the case? Baptiste On Thu, May 23, 2013 at 1:11 PM, Will Glass-Husain wgl...@forio.com wrote: Hi, I'm running haproxy-ss-20130509. I have load balancing set up

Re: How do you combine rule for by URL and url_sub

2013-05-27 Thread Baptiste
Hi Jeff, AND is implicit between ACLs. No need to precise it. Please give a try to your configuration without this unknown keyword and it may works. Baptiste On Tue, May 28, 2013 at 5:18 AM, Jeff Flesher jeffrey.scott.fles...@gmail.com wrote: I have a Wt wthttpd Server running two threads

Re: How do you combine rule for by URL and url_sub

2013-05-28 Thread Baptiste
hi Jeff, Please keep the ML in Cc, so everybody can benefit of the resolution. HAProxy returns a 503 when there is no server available in the farm. Please turn on haproxy stat socket and check the server status on it: it should be UP, but I guess it is DOWN for now. Baptiste On Tue, May 28

Re: smtpchk when using proxy protocol

2013-05-28 Thread Baptiste
this behavior. Baptiste On Tue, May 28, 2013 at 5:54 AM, Vit Dua vit...@gmail.com wrote: Hi, There is an option in HAProxy 1.5 doc: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-send-proxy And this thread: http://comments.gmane.org/gmane.comp.web.haproxy/11551 I

Re: How do you combine rule for by URL and url_sub

2013-05-28 Thread Baptiste
Hi Jeff, No worries about the ML :) I'm happy I could help you. Baptiste On Tue, May 28, 2013 at 8:45 AM, Jeff Flesher jeffrey.scott.fles...@gmail.com wrote: New to list, I take it I should have done a reply to all and make sure haproxy is in the list; I should remember this is a list

Re: smtpchk when using proxy protocol

2013-05-28 Thread Baptiste
Hi viet Your last chance is to capturethe check with tcpdump and send it back to me. Might be a bug, either in Haproxy or postfix. Baptiste Le 28 mai 2013 09:12, Viet Hoang vit...@gmail.com a écrit : Hi Baptiste, My banner is normal indeed. I have checked with telnet and HAProxy without

Re: HTTP Request still gets response from the server with weight 0 and src persistence

2013-05-28 Thread Baptiste
be changed using hash-type. Please update your configuration following the recommandation above and let us know your feedback. Baptiste On Wed, May 29, 2013 at 5:22 AM, Godbach nylzhao...@gmail.com wrote: Hi, all It is expected that new http request will not get response from the server

Re: 403 - Forbidden: Access is denied with IIS7

2013-05-29 Thread Baptiste
setup a different Host header. You're browser is supposed to use different TCP connection to the same HAProxy for each hostname you're using. Baptiste On Wed, May 29, 2013 at 2:27 PM, K G V S Prasad kpra...@cordys.com wrote: Hi all, I am using HAProxy 1.4.23. I am getting sometimes following

Re: HTTP Request still gets response from the server with weight 0 and src persistence

2013-05-29 Thread Baptiste
AH, sorry, my mistake. I read your mail too quickly. Baptiste On Wed, May 29, 2013 at 9:18 AM, Godbach nylzhao...@gmail.com wrote: Hi Baptiste Thanks for your replying. I am using the balance roundrobin algorithm and sticking on src, not the the balance source algorithm. The configuration

Re: Block clients based on header in real time?

2013-05-29 Thread Baptiste
Hi, With latest HAProxy version, you could use a stick table and insert IPs in the stick table through HAProxy socket. Then you can ban all IPs from the stick table. Baptiste On Wed, May 29, 2013 at 1:05 PM, Ricardo Fraile rfra...@yahoo.es wrote: Hello, I'm looking for a solution

Re: HTTP Request still gets response from the server with weight 0 and src persistence

2013-05-29 Thread Baptiste
Actually, this is the purpose of dropping a weight to 0: being able to maintain sticky sessions. If you want to shutdown rudely your server, preventing everybody to access it, use the disable keyword. Baptiste On Wed, May 29, 2013 at 5:55 PM, Godbach nylzhao...@gmail.com wrote: Hi Baptiste

Re: Getting statistic through socket in multiprocess configuration

2013-05-31 Thread Baptiste
:) Baptiste On Fri, May 31, 2013 at 12:06 PM, Avatar avatar...@gmail.com wrote: Hi everybody First of all I want to say Thanks for work you have been doing and great product you produce. Today all servers are equipped with many cores and a lot of memory and don't use them leads to inefficient

Re: Multiprocess stats?

2013-06-07 Thread Baptiste
easily manage from a script. Baptiste On Thu, Jun 6, 2013 at 9:31 PM, Stephanie Jackson sjack...@keek.com wrote: Hi Lukas, On 2013-06-03, at 7:13 PM, Lukas Tribus wrote: Hi Stephanie, We're currently using haproxy with 8 processes. Is there any way to get combined stats for all processes

Re: Block clients based on header in real time?

2013-06-08 Thread Baptiste
forbidden by administrative rules. /body/html $ curl 127.0.0.1:8080 htmlbodyh1503 Service Unavailable/h1 No server is available to handle this request. /body/html Baptiste On Thu, May 30, 2013 at 12:50 PM, Ricardo Fraile rfra...@yahoo.es wrote: Hello, Ok, i update the server to 1.5

Re: Sticky session

2013-06-14 Thread Baptiste
Hi, Please turn the stick match into stick on and let us know the result. Baptiste On Fri, Jun 7, 2013 at 10:58 PM, Mir Islam mis...@mirislam.com wrote: I am having some issues setting up haproxy to do sticky session. My configuration is provided below. Basically I am trying to stick on src

Re: Haproxy + nginx + naxsi

2013-06-14 Thread Baptiste
Hug Hugues :p Sorry for the delay in my response, I'm a bit busy and far right now :) Well, this sounds a configuration issue, some typo or misnamed ACLs. Baptiste On Mon, Jun 10, 2013 at 6:15 PM, Hugues Lepesant hug...@lepesant.com wrote: Hello all, I'm trying to make this tutorial work

Re: sticky persistence jsessionid

2013-06-25 Thread Baptiste
Hi Thomas, Have you enabled http-close or http-server-close option? Baptiste On Tue, Jun 25, 2013 at 3:05 PM, Thomas Heil h...@terminal-consulting.de wrote: Hi, I have the following settings in a backend -- balance uri hash-type consistent #appsession JSESSIONID

Re: question about sni

2013-06-27 Thread Baptiste
Hi, You can log the SNI: log-format %[ssl_fc_sni] Baptiste On Thu, Jun 27, 2013 at 2:41 PM, Thomas Heil h...@terminal-consulting.de wrote: Hi, I would like to evaluate SNI. Is there a possibility to log errors from clients, so we could get a feeling how many clients cannot cope with SNI

Re: question about sni

2013-06-27 Thread Baptiste
also log the User-Agent ;) and make us a nice report. Baptiste On Thu, Jun 27, 2013 at 4:03 PM, Thomas Heil h...@terminal-consulting.de wrote: Hi, On 27.06.2013 15:51, Baptiste wrote: Hi, You can log the SNI: log-format %[ssl_fc_sni] I 'll try that. tanks a lot. Baptiste thomas

Re: ssl sni and client certificate verification

2013-07-02 Thread Baptiste
Hi Peter, A few more information about HAProxy features and client certificate: http://blog.exceliance.fr/2012/10/03/ssl-client-certificate-management-at-application-level/ http://blog.exceliance.fr/2013/06/13/ssl-client-certificate-information-in-http-headers-and-logs/ Baptiste On Tue, Jul 2

Re: Remotely accessible stats socket and HATop

2013-07-09 Thread Baptiste
Hey, Can you give a try to stats socket ipv4@a.b.c.d:1234 You can even cipher the connection and even use a client certificate to allow people using the socket. Baptiste Baptiste On Tue, Jul 9, 2013 at 10:48 AM, Simon Green si...@wirehive.net wrote: Hi Willy, Ref: Since a recent enough

Re: Don't use one server in backend on condition?

2013-07-09 Thread Baptiste
Hi, Better creating 2 backends, one with the server one without it and use the ACL in the frontend to choose the right backend. Baptiste On Tue, Jul 9, 2013 at 6:31 AM, Igor j...@owind.com wrote: Hi, is it possible to let one server not to be used in backend on ACL condition like backend

Re: FreeBSD with options transparent not working.

2013-07-11 Thread Baptiste
Hi Jinge, Could you update your source statement to: source 0.0.0.0 usesrc clientip And let us know if that fixed your issue. Baptiste On Thu, Jul 11, 2013 at 11:25 AM, jinge altman87...@gmail.com wrote: Hi,all! We use HAproxy for our web system. And there is a statement if not HTTP

Re: Combine http and https backend

2013-07-11 Thread Baptiste
bind 212.12.12.12:443 bind 212.24.24.24:443 default_backend bk_myproxyB-https backend bk_myproxyB-https balance roundrobin optionhttpchk server app07_backup 10.0.0.6:443 check port 80 inter 5000 backup server app08_master 10.0.0.7:443 check port 80 inter 5000 Baptiste

Re: FreeBSD with options transparent not working.

2013-07-11 Thread Baptiste
So the problem might be in the way you compiled HAProxy or you have configured your OS. Unfortunately, I can't help on FreeBSD :'( Baptiste On Thu, Jul 11, 2013 at 11:55 AM, jinge altman87...@gmail.com wrote: Hi, Baptiste! But i just test with this and found no use. Regards Jinge

Re: init variable from ACL condition

2013-07-29 Thread Baptiste
Hi Jerome, This is not doable for now. Cheers. On Mon, Jul 29, 2013 at 4:33 PM, Jérôme Saada jsa...@mediastay.com wrote: anybody could please tell me if that is possible ? best regards On 18/07/2013 15:06, Jérôme Saada wrote: hello, i would like to change the backend's port

Re: Choosing outgoing IP

2013-07-30 Thread Baptiste
backend and route src IPs using ACLs to the right backend. Baptiste On Tue, Jul 30, 2013 at 12:15 PM, Kevin C ki...@kiven.fr wrote: Hi list, I configure an haproxy instance on a Linux Cluster vith some virtual IPs. Is it possible to choose which IP haproxy use for a backend, like

Re: How to monitor all process

2013-08-05 Thread Baptiste
Hi, You can't. The only way is to bind a stats page per process, to call it in CSV mode, grab the required information from each process then add them together. Baptiste On Thu, Aug 1, 2013 at 4:44 AM, Duc Le Minh duclm...@gmail.com wrote: Hi! I have haproxy load balance web with 12 process

Re: http reject return code

2013-08-05 Thread Baptiste
Hi Ghislain, This would work using the errorfile directive and the code 403. Baptiste On Wed, Jul 31, 2013 at 8:22 PM, Ghislain gad...@aqueos.com wrote: hi, still in my basic DOS protection rules i use http reject for http mode and the error returned is 403. In reality i would want

Re: TCP reject logging of request

2013-08-05 Thread Baptiste
Hi Ghislain, To log such rejected connection please ensure you don't have the dontlognull option enabled and you're rejecting connections using the tcp-request content statement. Baptiste On Wed, Jul 31, 2013 at 8:22 PM, Ghislain gad...@aqueos.com wrote: hi list! I am using haproxy 1.5

Re: Force HTTPS with https backend

2013-08-06 Thread Baptiste
Hi Wolfgand, First, turn the mode to http, otherwise header insertion can't work. To fix your issue, simply append a the ssl keyword on the server line description. Baptiste On Tue, Aug 6, 2013 at 8:14 AM, Wolfgang Grim g...@banet.at wrote: Hi everybody, just started to use haproxy

Re: http reject return code

2013-08-06 Thread Baptiste
Ricardo, You used 403 status code in your example ;) Baptiste On Tue, Aug 6, 2013 at 11:45 AM, Ricardo F ri...@hotmail.com wrote: Hello Ghislain, If you use this line in your conf file: errorfile 403 /etc/haproxy/errorfiles/403.http You can write there the complete response, 403

Re: Force HTTPS with https backend

2013-08-06 Thread Baptiste
Hi, only 1.5. Baptiste On Tue, Aug 6, 2013 at 5:56 PM, Amol mandm_z...@yahoo.com wrote: what version of haproxy is this in, will it work for 1.4 variants or only 1.5 onwards? From: Baptiste bed...@gmail.com To: Wolfgang Grim g...@banet.at Cc: haproxy

Re: Force HTTPS with https backend

2013-08-07 Thread Baptiste
Hi Wolfgang, looks good as well with this configuration. But you're not performing any SSL offloading :) Baptiste On Wed, Aug 7, 2013 at 7:27 AM, Wolfgang Grim g...@banet.at wrote: Hello Baptiste, thank you for your help, I found a solution which is a bit different but is also working (I

Re: some issues with getting SSL redirect going completely

2013-08-07 Thread Baptiste
. Baptiste On Wed, Aug 7, 2013 at 5:10 AM, Jim Alateras j...@comware.com.au wrote: We are looking at using HAProxy for SSL termination and dropping our reliance on nginx. IIt seems to work for some instances but for others i get the following type of others Aug 7 12:08:31 localhost haproxy

Re: HTTP Content-Check

2013-08-12 Thread Baptiste
Hi Wolfgang, The option you're looking for is http-check expect. Baptiste On Mon, Aug 12, 2013 at 1:35 PM, Wolfgang Routschka wolfgang.routsc...@drumedar.de wrote: Hi Guys, on question today about option httpchk in haproxy 1.5-dev19. Is it possible to check the content of URI in option

Re: HA Proxy Install Guide

2013-08-13 Thread Baptiste
HAProxy can run without root rights, but some features won't be available. IE, you won't be able to bind a port below 1024, transparent mode may not work, performance tuning won't be able to be applied. but all basic TCP and HTTP features should work without any issues at all. Baptiste On Mon

<    1   2   3   4   5   6   7   8   9   10   >