How to block file large more than specific size?

Use conf like below in frontend, but doesn't work. Any help? acl bigfile shdr_val(content-length) gt 1000 block if bigfile Bests, -Igor

Send proxy authorization header to squid

or conf wrong? Bests, -Igor

Re: Send proxy authorization header to squid

Thanks. The problem solved. Bests, -Igor On Tue, May 17, 2011 at 3:45 AM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Sat, May 14, 2011 at 01:50:06AM +0800, Igor wrote: Hi all, In my frontend conf, I used reqadd Proxy-Authorization:\ Basic\ to send auth header to proxy, other

Re: HAProxy Response time performance

Can't find 1.4.16 at http://haproxy.1wt.eu/download/1.4/src/ ? Bests, -Igor 2011/6/9 Hervé COMMOWICK hcommow...@exosec.fr: Hello Matt, You need to activate logging to see what occurs to your requests, you can use halog tool (in the contrib folder) to filter out fast requests. Other

The best way to do healthy check in forward proxy?

to do healthy check to make the high availability of the proxy server? Bests, -Igor

errorfile 403 and haproxy return 200?

When I use errorfile 403 /etc/haproxy/403.html, the haproxy(1.4.16ss) will return HTTP/0.9 200 OK to the client not HTTP/1.0 403 Forbidden. Is this a bug? Bests, -Igor

Re: errorfile 403 and haproxy return 200?

Opps, I didn't mention that error file must contain http headers in it :( Bests, -Igor On Tue, Jun 14, 2011 at 1:19 PM, Willy Tarreau w...@1wt.eu wrote: On Tue, Jun 14, 2011 at 12:00:07PM +0800, Igor wrote: When I use errorfile 403 /etc/haproxy/403.html, the haproxy(1.4.16ss) will return

Separated config file support

Got a very long haproxy.conf, is there any way to separate config file by using any directive like include *.conf? Bests, -Igor

How to check transfer speed health?

? Bests, -Igor

Frontend outgoing bandwidth limit and concurrent source IP limit

, -Igor

Re: Frontend outgoing bandwidth limit and concurrent source IP limit

Thanks all. Hope we will see 1.6-dev1 soon :D Bests, -Igor On Wed, Apr 18, 2012 at 1:40 PM, Willy Tarreau w...@1wt.eu wrote: On Wed, Apr 18, 2012 at 05:39:24AM +0200, Baptiste wrote: Hi,, 1. not doable at this time with HAProxy And I don't even know if there is any plans to do it soon

Dev 11 breaks stick table

Hi, The configuration below works fine in dev8, but in haproxy-ss-20120607, it failed, alway return 502 error. Any idea? stick-table type ip size 3 expire 1ms nopurge store rspideny . if { table_cnt gt 3 } tcp-request connection track-sc1 src Bests, -Igor

Key for count track-sc1 source IP by CIDR

Hi, At the moment, only src is supported for counting track-sc1's source IP(mask 32), any plan to add support for counting by mask? For example, 192.168.1.x source IP as 1 count. Cheers, -Igor

Re: Key for count track-sc1 source IP by CIDR

Is there a ETA for this? May be dev12 or even soon ? ;) Bests, -Igor On Tue, Jun 19, 2012 at 1:08 PM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Mon, Jun 18, 2012 at 11:12:47PM +0800, Igor wrote: Hi, At the moment, only src is supported for counting track-sc1's source IP(mask 32), any

Dynamic DNS lookup

I have dynamic FQDN server in backend like: b1.example.com:, which b1.example.com has dynamic IP, haproxy seems not work properly when server's IP changed. Any way to work around? Thanks. Bests, -Igor

Re: Old processes never die

OK, I will try it. BTW, latest snapshot seems break cli to enable/disable backend's server, always complain: No such server. It works well in dev11 Bests, -Igor On Thu, Nov 15, 2012 at 6:32 AM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Thu, Nov 15, 2012 at 06:27:05AM +0800, Igor wrote

Re: Old processes never die

Hi, Willy, lastest haproxy has no this bug :) But comes another annoying cli bug: enable/disable backend's server doesn't work. Bests, -Igor On Thu, Nov 15, 2012 at 7:00 AM, Igor j...@owind.com wrote: OK, I will try it. BTW, latest snapshot seems break cli to enable/disable backend's server

Re: Disable server in stat page triggers 503

that. Bests, -Igor On Tue, Jan 15, 2013 at 4:27 AM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Tue, Jan 15, 2013 at 03:04:10AM +0800, Igor wrote: Hi, sometimes when I disable server in stat page, it will return 503, I must refresh the page to do disable again. This is issue happens when I

Re: Disable server in stat page triggers 503

timeout check 3000 timeout connect 2 timeout server 3 timeout client 3 errorfile 403 /etc/haproxy/403.http errorfile 502 /etc/haproxy/502.http Bests, -Igor On Tue, Jan 15, 2013 at 4:24 PM, Willy Tarreau w...@1wt.eu wrote: On Tue, Jan 15

Invalid ACL with Dev-18 JIT

Try with PCRE JIT, but failed with: error detected while parsing ACL 'adb' : regex 'ad_keyword=' is invalid. is this my ACL's problem or bug? Bests, -Igor

Re: Invalid ACL with Dev-18 JIT

) -i -f /etc/haproxy/ip_reg.txt ip_reg.txt: \b(?:\d{1,3}\.){3}\d{1,3}\b \.us Error like: error detected while parsing ACL 'side2' : regex '\b(?:\d{1,3}\.){3}\d{1,3}\b' is invalid. The config works fine without JIT enable. Bests, -Igor On Thu, Apr 4, 2013 at 8:31 PM, Lukas Tribus luky

Limit frontend bandwidth rate?

Limit frontend bandwidth speed would be handy for some product environment, is this still planned in 1.5 dev? Bests, -Igor

Re: Limit frontend bandwidth rate?

Hi, Baptiste, you may misunderstand, it's limit speed like at rate 1Mbps :) Bests, -Igor On Thu, May 2, 2013 at 2:10 PM, Baptiste bed...@gmail.com wrote: Hi, What you can do with 1.5 currently is using a stick table and monitor bandwith per Host header for example. Then if you go over

SSL terminate mode

some other tools can do termination, but I prefer to do it all in haproxy, thanks for any advice. Bests, -Igor

Re: SSL terminate mode

Thanks, Willy. Frontend in http mode(may be called https terminate mode) and backend in SSL is my goal, which uses remote https connection directly, haproxy terminates SSL backend into http. this is what for performance testing sometimes. Bests, -Igor On Sun, May 5, 2013 at 5:55 PM, Willy

Don't use one server in backend on condition?

check Thanks in advance. Bests, -Igor

Unicode user-agent

Hi, I used hdr(user-agent) ACL to block some traffic, recently need to block some Chinese named user-agent, does haproxy could handle this? Thanks. Bests, -Igor

set weight bug?

weight, I found sometimes set weight to servers rapidly, like multi echo set weight s(*)/p(*) 100| socat stdio /tmp/haproxy, will crash haproxy daemon. Bests, -Igor

Re: set weight bug?

Here is my config http://pastie.org/private/wf0dv30krqpasgmhtdnahw (Deleted some servers and two backends for clear config) I used script to handle servers weight since haproxy-ss-20131031, so I never tried previous versions. Bests, -Igor On Wed, Nov 6, 2013 at 5:55 AM, Lukas Tribus luky

Re: set weight bug?

Hi, Willy, after upgraded to haproxy-ss-20131122, enable and disable servers via socket will crash haproxy, there's no this issue in haproxy-ss-20131031. Bests, -Igor On Thu, Nov 21, 2013 at 10:42 PM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Thu, Nov 21, 2013 at 09:03:05PM +0800, Igor

SSL client mode

For testing and bench purpose, client mode like stud[1] would be useful, any plan to implement this feature? [1] https://github.com/bumptech/stud/pull/79 Bests, -Igor

Re: SSL client mode

Hi, it may like stunnel's client mode. In haproxy, we may get like this to terminate SSL server to HTTP server. listen http bind: 80 mode ssl-client use-server sslsrv 127.0.0.1:443 Bests, -Igor On Mon, Dec 9, 2013 at 4:25 AM, Lukas Tribus luky...@hotmail.com wrote: Hi Igor, For testing

Re: SSL client mode

Thanks, Lukas. I don't quite understand what you mean, can you show me an example conf? Bests, -Igor On Mon, Dec 9, 2013 at 4:40 AM, Lukas Tribus luky...@hotmail.com wrote: Hi, listen http bind: 80 mode ssl-client use-server sslsrv 127.0.0.1:443 This should already work without

Compile warning on OS X

/common/time.h:32:26: note: expanded from macro 'TV_ETERNITY' Can I ignore this warning even the compile succeed? Thanks for any suggestion. Bests, -Igor

Re: SSL client mode

Thanks Thomas and Lukas, that's what I look for. Bests, -Igor On Mon, Dec 9, 2013 at 10:17 PM, Thomas Heil h...@terminal-consulting.de wrote: Hi, On 08.12.2013 21:34, Igor wrote: Hi, it may like stunnel's client mode. In haproxy, we may get like this to terminate SSL server to HTTP server

New bug?

in frontend 'zorayoyo9881' while parsing 'if' condition : no such ACL : 'too_fast' Bests, -Igor

Print http log to stdout?

In verbose mode, is it possible to print http log to stdout? Thanks. Bests, -Igor

Re: Compile warning on OS X

Hi, Willy, the patch fixed the reported warning, but seems introduce new warning, the log: http://pastebin.com/dBfHGV2S Thanks. Bests, -Igor On Fri, Dec 13, 2013 at 4:25 PM, Willy Tarreau w...@1wt.eu wrote: On Tue, Dec 10, 2013 at 12:13:09AM +0100, Lukas Tribus wrote: Hi Igor, include

Re: Compile warning on OS X

I see, thanks for the very clear explanation. :) Bests, -Igor On Fri, Dec 13, 2013 at 5:45 PM, Willy Tarreau w...@1wt.eu wrote: Hi Igor, On Fri, Dec 13, 2013 at 05:13:51PM +0800, Igor wrote: Hi, Willy, the patch fixed the reported warning, Thanks for testing! I'm merging

Re: [ANNOUNCE] haproxy-1.5-dev20

acl adb url_reg,lower -f /etc/haproxy/long.lst Did I use this in a wrong way? Bests, -Igor On Mon, Dec 16, 2013 at 10:41 AM, Willy Tarreau w...@1wt.eu wrote: Hi all, here is probably the largest update we ever had, it's composed of 345 patches! Some very difficult changes had to be made

Re: HAProxy Next?

- Frontend bandwidth speed limit ability. Bests, -Igor On Tue, Dec 17, 2013 at 4:14 PM, Annika Wickert a.wick...@traviangames.com wrote: Hi all, we did some thinking about how to improve haproxy and which features we’d like to see in next versions. We came up with the following list

Does haproxy could be a forward proxy?

directly without creating a proxy by another tool. Thanks. Bests, -Igor

Re: HAProxy 1.5 possible bug

address. A next step could be to try to use the same resolver for regular traffic. The thing is that doing this fast will require a cache otherwise it will be slow and will hammer the DNS servers quickly. This is the most wanted feature :) Bests, -Igor

Limit requests to host from one source.

, mail.example.com not limited by that. I refer to 1.5 doc and http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ , can't find a clear way to accomplish. Thanks. Bests, -Igor

Re: Limit requests to host from one source.

Hi, Baptiste What I mean is tracking every single IP and only limit it to access specified host name at a limited rate :) Bests, -Igor Bests, -Igor On Fri, May 9, 2014 at 3:36 PM, Baptiste bed...@gmail.com wrote: Hi Igor, You can reuse the examples from the blog and limit tracking

OCSP and Startssl

reports OCSP Yes. May be like this issue: http://trac.nginx.org/nginx/ticket/465 ? Bests, -Igor

Re: 100% CPU after upgraded to 1.6dev

, the load increasing. Bests, -Igor On Sat, Jul 19, 2014 at 2:00 AM, Lukas Tribus luky...@hotmail.com wrote: Hi Igor, hi Thomas, On 18.07.2014 19:22, Igor wrote: Hi, I use git commit e63a1eb290a1c407453dbcaa16535c85a1904f9e, 1.5.2 same result like git version. Ok, can you still post the haproxy

Re: HAProxy as a TCP Fast Open Client

I have a scenario to use client mode, is TFO client mode ready to merge to 1.6 dev? Bests, -Igor On Fri, Feb 14, 2014 at 1:47 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Feb 13, 2014 at 01:50:16PM +, David Harrold wrote: Hi Willy Did some more investigation on the case

Re: [ANNOUNCE] haproxy-1.6-dev2

It's very cool to have DNS finally! I wonder is that possible to do this like? use_backend us_upstream if { hdr(Host),dnsname_to_ip_and_map(geo_us.lst) -m str us } Convert hostname to IP, find IP's geo info, use matched backend. Thank you. Bests, -Igor On Thu, Jun 18, 2015 at 4:06 PM

Re: [ANNOUNCE] haproxy-1.6-dev2

Wow, sounds great, hope it comes soon :) Bests, -Igor On Fri, Jun 19, 2015 at 8:00 PM, Willy Tarreau wi...@haproxy.com wrote: On Fri, Jun 19, 2015 at 07:35:49PM +0800, Igor wrote: It's very cool to have DNS finally! I wonder is that possible to do this like? use_backend us_upstream

Do you need redesign of your site at the address https://www.haproxy.com or another original software?

, accounting apps or any other software, made and configured specifically for you, and much more, about what you can find out on my site https://www.programs.gq/en/ With best regards, Igor, flashscript1...@gmail.com

cannot auth squid_kerb_auth farm behind haproxy

Hello everybody, I have a farm of three squid proxies, pointing one of them individualy, in a browser for example, I can authenticate (kerberos authentication via squid_kerb_auth) but when I point the browser to the vip I cannot authenticate. Does anybody have a clue about how can I authenticate

effect of adding `cookie` option to server

AND listen helloworld bind :80 mode http option httplog server srv1 10.0.2.15:9494 check inter 1s rise 1 fall 1 cookie srv1 server srv2 10.0.2.15:9495 check inter 1s rise 1 fall 1 cookie srv2 thanks! --igor

Re: How to edit backend members in realtime without HAProxy restart

becomes available again, but every time a backend is added Synapse restarts haproxy * there's no connector yet for plugging Synapse into consul; this would need to be written. --igor On Thu, Jun 19, 2014 at 6:02 PM, Justin Franks justin.fra...@lithium.com wrote: Hello, We are using Consul

Re: HA proxy - Need infromation

On Tue, Apr 14, 2015 at 12:55 AM, Thibault Labrut thibault.lab...@enioka.com wrote: Hello, I currently installing HAProxy with keepalived to one of my clients. To facilitate the administration of this tool, I would like to know if you can advise me of administration web gui for HA proxy.

Re: SSL backends stopped working

On 23/04/2015 6:01 PM, i...@linux-web-development.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi! I'm having trouble with one of our HAProxy-Servers that uses a backend with TLS. When starting HAProxy the backend will report all servers as down: Server

Re: Backend status changes continuously

On 21/04/2015 6:00 PM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi all, While running the command: : ab -n 10 -c 1000 192.168.122.110:80/256 , the haproxy stats page shows the 4 different backend servers changing status between Active up, going down, Active or backup

Re: Backend status changes continuously

On Wed, Apr 22, 2015 at 3:34 PM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi Baptists, Sorry I didn't provide more details earlier. -- 1. root@HAPROXY:~# haproxy -vv

Re: Stick tables and counters persistence

On Fri, Apr 17, 2015 at 2:26 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: On 17.04.2015 02:12, Igor Cicimov wrote: Hi all, Just a quick one, are the stick tables and counters persisted on haproxy 1.5.11 reload/restart? With nbproc=1 yes as long as you use a peers section

Stick tables and counters persistence

Hi all, Just a quick one, are the stick tables and counters persisted on haproxy 1.5.11 reload/restart? Thanks, Igor

Re: switching backends based on boolean value

On Fri, Apr 17, 2015 at 3:26 AM, Dennis Jacobfeuerborn denni...@conversis.de wrote: Hi, I'm trying to find the best way to toggle maintenance mode for a site. I have a regular and a maintenance backend defined an I'm using something like: frontend: acl is_maintenance always_false

Re: proxy haproxy has no server available!

On Tue, Apr 7, 2015 at 3:24 PM, Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com wrote: Sorry, forgot to mention, this is haproxy version 1.5.11 On Tue, Apr 7, 2015 at 10:52 AM, Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com wrote: Hi all, I am moving

Fwd: proxy haproxy has no server available!

Forgot to cc the list. -- Forwarded message -- From: Igor Cicimov ig...@encompasscorporation.com Date: Tue, Apr 7, 2015 at 4:25 PM Subject: Re: proxy haproxy has no server available! To: Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com On Tue, Apr 7, 2015 at 3

Re: Compression does not seem to work in my setup

IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. How can I fix this? Thanks for any help, Regards, - KK -- Igor Cicimov | DevOps p

Re: HAProxy responding with NOSRV SC

(host) -i example.com use_backend name1 if host_soap acl secure dst_port eq 44 backend name1 mode http option httpchk HEAD /test.jsp HTTP/1.0 appsession JSESSIONID len 32 timeout 1800s server name X.X.X.X:80 -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig

Re: HAProxy for Statis IP redundancy

On 16/08/2015 11:21 PM, Mitchell Gurspan mitch...@visualjobmatch.com wrote: Hi – Would you be able to tell me if HAProxy can be used to solve the following problem? I host an iis 7.5) windows site on a comcast business static IP (in office). the internet goes down sometimes and I’d like

Re: HTTPS to HTTP reverse proxy

ssl RewriteEngine On RewriteCond %{HTTP_X_Forwarded_Proto} ^https$ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] Hope this helps, in case I'm right that is :-). Igor

Re: haproxy can't bind to mysql port

--recv-keys F186197B -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com http://encompasscorporation.com/ w*.* encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: haproxy can't bind to mysql port

By run I meant you have to start it as root user which you are doing anyway. Can you run: # nc -l -p 80 as root just to confirm you can bind to port 80? On 25/07/2015 2:10 PM, Igor Cicimov ig...@encompasscorporation.com wrote: You need to run haproxy as root to bind to ports lower than 1024

Re: haproxy can't bind to mysql port

You need to run haproxy as root to bind to ports lower than 1024 On 25/07/2015 1:36 PM, Tim Dunphy bluethu...@gmail.com wrote: Hi Yuan, Nice. Do you use selinux in prod. regards, ; Yuan Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right

Re: acl regex

eg/?lang=$ > # off acl fr_topurlp_reg(lang\=$,?) -m > found > # off acl fr_topurlp_reg(lang\=$,?) -m > found > > but with no luck > > thanks > > --- > Guillaume

Re: acl regex

On 12/11/2015 5:30 PM, "Guillaume Bourque" < guillaume.bour...@logisoftech.com> wrote: > > Hello Bryan > > I’m running haproxy 1.5.4 and I can’t find any example on how to user req.uri if you could give a examples on how to match a specific query to redirect to another > > From

Re: HAProxy and backend on the same box

On 13/11/2015 1:04 AM, "jaleel" wrote: > > Hello, > > I am trying to setup the following for deployment > > I have 2 servers. > server1: eth0:10.200.2.211 (255.255.252.0) > eth1: 192.168.10.10 (255.255.255.0) > server2: eth0: 10.200.2.242 (255.255.252.0) >

Re: Selecting back end from host header

On Sun, Nov 15, 2015 at 1:21 AM, SL wrote: > Hi, > > We have quite a large number of backends, and are selecting which back end > to use based on the host specified in the request. (Note these are not > loadbalanced, we have to target them individually). > > Currently we are

Re: Need some help configuring backend health checks

On 30/10/2015 4:48 PM, "Daren Sefcik" wrote: > > So I think those links were the right idea and I have been trying different configurations but am not quite there and am hoping somebody can offer a bit more guidance. > > So when I telnet to the icap server I type in the

Re: questions for haproxy 1.5

On 31/10/2015 2:03 AM, "Igor Cicimov" <ig...@encompasscorporation.com> wrote: > > > On 30/10/2015 11:18 PM, "Labedan, Alain" <alain.labe...@cgi.com> wrote: > > > > Hi, > > > > > > > > I have HAPROXY in front of servers b

Re: questions for haproxy 1.5

On 30/10/2015 11:18 PM, "Labedan, Alain" wrote: > > Hi, > > > > I have HAPROXY in front of servers backend which are load balanced. > > > > - For terminated SSL haproxy, I want HAproxy give the good certificate to the client associated with the good domain . > >

Re: tcp-check with persistent session cookie ?

On 07/11/2015 8:01 AM, "Sébastien ROHAUT" wrote: > > Hi, > > We encountered a big problem this afternoon, which crashed for a while one of our websites, a java (tomcat+lift) application. We are using Haproxy 1.5. > > For our backend, we're doing something like

Re: Need some help configuring backend health checks

On 31/10/2015 3:14 AM, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > > > On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: >> >> >> On 30/10/2015 4:48 PM, "Daren Sefcik" <dsef...@hightec

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 11:51 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko <trtrmi...@gmail.com> > wrote: > >> Hello, >> >> I am using haproxy-1.5.14 and sometimes I see the followin

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko wrote: > Hello, > > I am using haproxy-1.5.14 and sometimes I see the following errors in the > log: > > Oct 7 08:33:03 srv1 haproxy[77565]: unix:1 [07/Oct/2015:08:33:02.428] > MT-front MT_RU_EN-back/ 0/1000/-1/-1/1000 503

Re: [blog] What's new in HAProxy 1.6

> > Baptiste > Awesome, thank you! Igor

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 7:15 PM, Dmitry Sivachenko wrote: > > > On 7 окт. 2015 г., at 16:18, Dmitry Sivachenko > wrote: > > > > Hello, > > > > I am using haproxy-1.5.14 and sometimes I see the following errors in > the log: > > > > Oct 7 08:33:03 srv1

Re: HTTP Response Rewriting to Replace Internal IP with FQDN

la". > > > server Product1.VM0 cookie c check > > > > Thank you. > > -- > > Sincerely, > > Susheel Jalali > > Coscend Communications Solutions > > Elite Premio Complex Suite 200, Pune 411045 Maharashtra India > susheel.jal...@coscend.com > > We

Re: Converting from sticking on src-ip to custom auth header

The stick-table type would be string and not ip in that case though On 01/10/2015 5:07 AM, "Jason J. W. Williams" wrote: > > We've been seeing CenturyLink and a few other residential providers NATing their IPv4 traffic, making client persistency on source IP result in

Re: Converting from sticking on src-ip to custom auth header

e the stick > table (I assume they need type ip) or another implied table? > > -J > > On Wed, Sep 30, 2015 at 3:41 PM, Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> The stick-table type would be string and not ip in that case though >> >

Re: Converting from sticking on src-ip to custom auth header

to the stick-table declaration. > > Sent via iPhone > > On Sep 30, 2015, at 18:23, Igor Cicimov <ig...@encompasscorporation.com> > wrote: > > Well in case of header you would have something like this I guess: > > tcp-request content track-sc1 hdr(x-app-authorizati

Re: [PATCH] BUG: config: external-check command validation is checking for incorrect arguments.

Many thanks! Regards, Igor

Re: Frontend ACL rewrites URL incorrectly to backend

fic entering apache. In that way you will find the culprit for sure. Cheers, Igor On Tue, Oct 6, 2015 at 9:22 AM, Daren Sefcik <dsef...@hightechhigh.org> wrote: > As I wrote in my previous emails it is not just a WP problem but several > other sites also that behave weird but some other

Re: Questions Aboute the PEM Phrase.

On 03/12/2015 6:54 AM, "Jesus Moran" wrote: > > Hello. > > Excelent work whit this tool. > > Today i was integrating haproxy 1.5 whit SSL and was easy and fast, but i wave a litte issue. > > When i create the .key file i add it a phrase. > > > i cerate the certificate

Re: SSLv2Hello is disabled

On 02/12/2015 12:41 AM, "Cohen Galit" wrote: > > Hello, > > > > When HAProxy 1.5.9 is trying to sample our servers with this configuration: tcp-check connect port 50443 ssl > > > > Our servers returns an error: > > > > 2015-11-29 09:48:18,155 [StartPoint-IMAP-SSL-Worker(14)]

RE: SSLv2Hello is disabled

On 02/12/2015 10:19 AM, "Lukas Tribus" wrote: > > > On 02/12/2015 12:41 AM, "Cohen Galit" > > > wrote: > > > > > > Hello, > > > > > > > > > > > > When HAProxy 1.5.9 is trying to sample our servers with this > > configuration:

Re: lua authentication

he 'userlist' block > > thx in advance for your time > > Excellent question. One feature I would love to see in haproxy is support for ldap authentication. It would be awesome If that could be done via lua. Thanks, Igor

Re: Official haproxy blog uses a stickiness table of size 1 (just 1, no suffix). Is this OK?

On Mon, Jan 4, 2016 at 10:57 PM, Mike MacCana wrote: > I'm investigating active/passive HAProxy setups and came across the > following from the official HAProxy blog. At http://blog.haproxy > .com/2014/01/17/emulating-activepassing-application-clustering-with- > haproxy/

Re: Owncloud through Haproxy makes upload not possible

On 20/11/2015 7:23 AM, "Piotr Kubaj" wrote: > > On 11/19/2015 17:01, Janusz Dziemidowicz wrote: > > 2015-11-19 15:45 GMT+01:00 Piotr Kubaj : > >> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a > >> lot of questions about constants used

RE: tcpdump and Haproxy SSL Offloading

On 4 Jun 2016 11:53 pm, "mlist" <ml...@apsystems.it> wrote: > > Hi Luca and Igor, > > > > I know there is not a simple way. In this network trace I verified an IE11 / Edge bug with preconnect sessions. > > This is a known problem, also if not so documente

Re: tcpdump and Haproxy SSL Offloading

On Fri, Jun 3, 2016 at 3:14 AM, mlist wrote: > Often I need to take tcpdump to analyze haproxy communication to clients > and to backend servers. > > As we use haproxy as SSL termination point (haproxy SSL ofloading), at low > levels (so tcpdump level) > > we see

Re: ACL & frontend : random behavior / haproxy 1.5.18-1ppp1

ainamoi.fr > Host:\ fra29-2-fra.md.bbb.loca > server labas 192.168.21.5:80 > > backend ipv4-fr > balance roundrobin > option httpchk GET / > server fr-icietla 192.168.22.4:8080 weight 1 check inter 5000 rise 2 > fall 5 > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* www.encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: tcpdump and Haproxy SSL Offloading

Hi Lukas, On Sat, Jun 4, 2016 at 3:03 AM, Lukas Tribus wrote: > Hello, > > > you can dump the symmetric keys from the browser and import them in > wireshark to decrypt PFS protected TLS sessions [1] Yes in case you want to troubleshoot something generic this is a good approach

Re: Use regex for backend selection

if to-serverN > > > by something more generic like > > use_backend bck-\1 if hdr_reg(host) -i (.*).domain.tld > > > but I can’t find a way to make it work. > > Am I on the right path ? > > Thanks, > Mildis > -- Igor Cicimov | DevOps

  1   2   3   4   >