Revisiting CVE-2023-45539

2024-03-04 Thread Ryan O';Hara
I am looking at CVE-2023-45539 as it affects older versions of haproxy (ie. haproxy-1.8). At this point I have verified that 1.8 is affected by this issue, which is in agreement with the original bug/commit which states versions prior to 2.8 need a backport. I am wondering if anyone has attempted o

Re: CVE-2023-44487 and haproxy-1.8

2023-10-16 Thread Ryan O';Hara
etermining factor? here? Many thanks. Ryan On Mon, Oct 16, 2023 at 12:41 PM Aleksandar Lazic wrote: > > > On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > > Does 1.8 support http/2? > > No. > > > On Mon, Oct 16, 2023, 18:58 Ryan O'Hara > <m

CVE-2023-44487 and haproxy-1.8

2023-10-16 Thread Ryan O';Hara
Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced, which is great. This implies that haproxy-1.8 *is* affected, b

Re: how to install on RHEL7 and 8

2022-05-26 Thread Ryan O';Hara
On Wed, May 25, 2022 at 11:15 AM William Lallemand wrote: > On Tue, May 24, 2022 at 08:56:14PM +, Alford, Mark wrote: > > Do you have instruction on the exact library needed to fo the full > install on RHEL 7 and RHEL 8 > > > > I read the INSTALL doc in the tar ball and the did the make comma

Re: HAProxy-1.8 sometimes sends a shorter html when using multithread function

2021-05-24 Thread Ryan O';Hara
On Tue, May 18, 2021 at 12:00 PM Willy Tarreau wrote: > Hi Ryan, > > On Tue, May 18, 2021 at 10:54:11AM -0500, Ryan O'Hara wrote: > > > > I confirmed haoproxy's log message corresponded to the > > > > shorter html, the following line is one of them. &g

Re: HAProxy-1.8 sometimes sends a shorter html when using multithread function

2021-05-18 Thread Ryan O';Hara
On Tue, May 18, 2021 at 5:21 AM Willy Tarreau wrote: > Hello, > > On Mon, May 17, 2021 at 09:47:10AM +0900, Kazuhiro Takenaka wrote: > > Hello > > > > This is my first post to this mailing list. > > I am not good at using English, so feel free to ask me > > if my text is hard to understand. > > R

Random SD termination state

2021-05-03 Thread Ryan O';Hara
For the past few weeks I have been trying to understand a problem that was brought to my attention when running a simple ab test through haproxy to a single Apache HTTP server. Attached are the config file and excerpts of the tcpdump. This is a simple setup with 3 VMs: - Client: 10.15.85.151 - H

Re: [ANNOUNCE] haproxy-2.2.0

2020-07-16 Thread Ryan O';Hara
On Fri, Jul 10, 2020 at 3:26 PM Илья Шипицин wrote: > instead of disabling Lua support, is it possible to build against Lua-5.3 ? > I recall there's Lua-5.3 on Fedora-33 > Right. I saw the same message, but it does not work. I sent a message to the Lua maintainer for Fedora last Friday and he se

Re: [ANNOUNCE] haproxy-2.2.0

2020-07-10 Thread Ryan O';Hara
On Thu, Jul 9, 2020 at 2:24 PM Tim Düsterhus wrote: > Ryan, > > Am 09.07.20 um 20:34 schrieb Ryan O'Hara: > > I'm currently packaging this for Fedora. It seems to build just fine on > > Fedora 32 and rawhide. Is there any new build options or dependencies to > b

Re: [ANNOUNCE] haproxy-2.2.0

2020-07-09 Thread Ryan O';Hara
On Tue, Jul 7, 2020 at 12:41 PM Willy Tarreau wrote: > Hi, > > HAProxy 2.2.0 was released on 2020/07/07. It added 24 new commits > after version 2.2-dev12. > This is great. Thank you to all who contributed to this release. I'm currently packaging this for Fedora. It seems to build just fine on

Re: [PATCH] BUG/MINOR: systemd: Wait for network to be online

2020-06-15 Thread Ryan O';Hara
aproxy-fails-on-restart/3469/10 On Mon, Jun 15, 2020 at 12:03 PM Ryan O'Hara wrote: > Change systemd service file to wait for network to be completely > online. This solves two problems: > > If haproxy is configured to bind to IP address(es) that are not yet > assigned, haproxy wo

[PATCH] BUG/MINOR: systemd: Wait for network to be online

2020-06-15 Thread Ryan O';Hara
d to use a resolver to resolve servers via DNS, haproxy would previously fail due to the fact that the network is not fully online yet. This is the most compelling reason for this patch. Signed-off-by: Ryan O'Hara --- contrib/systemd/haproxy.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 de

Re: HAProxy 2.0.10 and 2.1.0 RPM's

2019-12-16 Thread Ryan O';Hara
On Tue, Nov 26, 2019 at 9:20 PM Willy Tarreau wrote: > > Indeed that looks good. We'll need to include Ryan in this discussion, > he's the maintainer of the official RPMs for RHEL. I'm purposely not CCing > him as I know he's very busy this week, but I sense that we're starting to > see the light

Re: HAProxy 2.0.10 and 2.1.0 RPM's

2019-12-16 Thread Ryan O';Hara
On Tue, Nov 26, 2019 at 2:40 PM Russell Eason wrote: > Hello, > > Fedora upstream added it > https://src.fedoraproject.org/rpms/haproxy/c/45c57ba71174f308a5f59569bac0598bb31ef767 > , and can be seen as far back as F24 here > https://src.fedoraproject.org/rpms/haproxy/blob/f24/f/haproxy.spec . LUA

Re: haproxy-1.8 in Fedora

2018-01-05 Thread Ryan O';Hara
On Fri, Jan 5, 2018 at 3:12 PM, Aleksandar Lazic wrote: > Hi Ryan. > > -- Originalnachricht -- > Von: "Ryan O'Hara" > An: haproxy@formilux.org > Gesendet: 05.01.2018 17:19:15 > Betreff: haproxy-1.8 in Fedora > > Just wanted to inform Fedora use

haproxy-1.8 in Fedora

2018-01-05 Thread Ryan O';Hara
Just wanted to inform Fedora users that haproxy-1.8.3 is now in the master branch and built for Rawhide. I will not be updating haproxy to 1.8 in current stable releases of Fedora since I received some complaints about doing major updates (eg. 1.6 to 1.7) is previous stables releases. That said, th

[PATCH 2/2] Fix compiler warnings in halog.c

2017-12-15 Thread Ryan O';Hara
There were several unused variables in halog.c that each caused a compiler warning [-Wunused-but-set-variable]. This patch simply removes the declaration of said vairables and any instance where the unused variable was assigned a value. --- contrib/halog/halog.c | 25 - 1 f

[PATCH 1/2] Fix compiler warning in iprange.c

2017-12-15 Thread Ryan O';Hara
The declaration of main() in iprange.c did not specify a type, causing a compiler warning [-Wimplicit-int]. This patch simply declares main() to be type 'int' and calls exit(0) at the end of the function. --- contrib/iprange/iprange.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -

Re: Config file compatibility between 1.5 and 1.6

2016-01-06 Thread Ryan O';Hara
On Wed, Jan 06, 2016 at 03:11:12PM +0100, Baptiste wrote: > By the way, there are no 'appsession' any more :) Thanks, Baptiste! Ryan

Re: Config file compatibility between 1.5 and 1.6

2016-01-06 Thread Ryan O';Hara
On Wed, Jan 06, 2016 at 09:16:14AM +0100, Pavlos Parissis wrote: > > > On 06/01/2016 08:49 πμ, Baptiste wrote: > > On Tue, Jan 5, 2016 at 7:46 PM, Ryan O'Hara wrote: > >> > >> Are there any known incompatibilities between a config file for > >>

Config file compatibility between 1.5 and 1.6

2016-01-05 Thread Ryan O';Hara
Are there any known incompatibilities between a config file for haproxy version 1.5 and 1.6? Specifically, is there anything that is valid in 1.5 that is no longer valid in 1.6? I'm asking because I am considering a rebase of haproxy 1.6 in Fedora/RHEL but need to avoid such issues. If I recall, I

HAProxy 1.6 in Fedora/Rawhide

2015-10-30 Thread Ryan O';Hara
I've build HAProxy 1.6.1 for Rawhide (Fedora 24), but I'm not currently planning to add this to Fedora 23. If there is enough interest, I will gladly provide HAProxy 1.6.1 packages for Fedora 23, but they will most likely not be pushed into the updates repository. Long story there. Anyway, just w

man page for haproxy.cfg

2015-01-31 Thread Ryan O';Hara
I've been asked to provide a man page for haproxy.cfg, which would be a massive endeavor. Since Cyril has done such an excellent job generating the HTML documentation, how difficult would it be to grok this into man page format? Has anyone done it? Ryan

man page for haproxy.cfg

2015-01-31 Thread Ryan O';Hara
I've been asked to provide a man page for haproxy.cfg, which would be a massive endeavor. Since Cyril has done such an excellent job generating the HTML documentation, how difficult would it be to grok this into man page format? Has anyone done it? Ryan

Re: no-sslv3 option not working

2014-10-21 Thread Ryan O';Hara
On Tue, Oct 21, 2014 at 04:56:31PM +0200, Thomas Heil wrote: > Hi, > > On 21.10.2014 16:26, John Leach wrote: > > Hi, > > > > I'm trying to disable sslv3 with the "no-sslv3" bind option, but it's > > not working. > > > > The option is accepted and the restart is successful, but sslv3 is still > >

Re: active/passive stick-table not sticky

2014-10-13 Thread Ryan O';Hara
On Mon, Oct 13, 2014 at 08:13:29PM +0200, Benjamin Vetter wrote: > On 13.10.2014 16:54, Baptiste wrote: > >On Sun, Oct 12, 2014 at 6:47 PM, Benjamin Vetter wrote: > >>Hi, > >> > >>i'm using the example from > >>http://blog.haproxy.com/2014/01/17/emulating-activepassing-application-clustering-with-

Re: Binaries for HAProxy.

2014-07-16 Thread Ryan O';Hara
âfileâ > src/haproxy.c:1197: error: âstruct bind_confâ has no member named âargâ > src/haproxy.c:1198: error: âstruct bind_confâ has no member named âby_feâ > src/haproxy.c:1198: warning: type defaults to âintâ in declaration of > â__retâ > src/haproxy.c:1198: error: âstruct bind_confâ has

Re: Binaries for HAProxy.

2014-07-16 Thread Ryan O';Hara
On Wed, Jul 16, 2014 at 09:07:48AM -0500, Kuldip Madnani wrote: > My Linux Distribution is : > > Red Hat Enterprise Linux Server release 6.3 (Santiago) HAProxy is not included in RHEL 6.3. You will need RHEL 6.4 with Load Balancer AddOn or RHEL7. Ryan > On Wed, Jul 16, 2014 at 9:03 AM, Mathew L

Re: [ANNOUNCE] haproxy-1.5.0

2014-06-20 Thread Ryan O';Hara
On Fri, Jun 20, 2014 at 07:58:48PM +0200, Thomas Heil wrote: > On 20.06.2014 18:07, Ryan O'Hara wrote: > > On Fri, Jun 20, 2014 at 07:14:39AM +0200, Willy Tarreau wrote: > >> On Fri, Jun 20, 2014 at 03:35:55AM +0300, Eliezer Croitoru wrote: > >>> On 06/19

Re: [ANNOUNCE] haproxy-1.5.0

2014-06-20 Thread Ryan O';Hara
sier. It's hard to list them all, but if you don't build from sources, > > >you're likely running a package made and maintained by one of these people > > >: > > > - debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich > > > -

Re: [ANNOUNCE] haproxy-1.5.0

2014-06-19 Thread Ryan O';Hara
On Thu, Jun 19, 2014 at 09:54:29PM +0200, Willy Tarreau wrote: > Hi everyone, > > The list has been unusually silent today, just as if everyone was waiting > for something to happen :-) > > Today is a great day, the reward of 4 years of hard work. I'm announcing the > release of HAProxy 1.5.0. C

Re: [ANNOUNCE] haproxy-1.5-dev26 (and hopefully last)

2014-05-28 Thread Ryan O';Hara
On Wed, May 28, 2014 at 08:43:10PM +0200, Vincent Bernat wrote: > ❦ 28 mai 2014 18:11 +0200, Willy Tarreau  : > > > Feedback welcome as usual, > > When compiling with -Werror=format-security (which is a common settings > on a Debian-based distribution), we get: > > src/dumpstats.c:3059:4: erro

Re: Recommended strategy for running 1.5 in production

2014-04-17 Thread Ryan O';Hara
On Wed, Apr 16, 2014 at 11:12:07PM +0100, Kobus Bensch wrote: > I use haproxy on centos. So I build a RPM i then use in spacewalk to > first roll out to test, then post testing to production. I can add el6 to my copr build if you need an rpm build. Currently I'm only building 1.5-dev22 in copr for

haproxy 1.5 builds for fedora/rawhide

2014-03-11 Thread Ryan O';Hara
For those interested, I have built haproxy-1.5-dev22 for Fedora. The packages are located in a copr repo since the distribution repos still contain version 1.4. The project and repos can be found here: http://copr.fedoraproject.org/coprs/rohara/haproxy/ The SRPM can be found here: http://rohara

Re: haproxy-systemd-wrapper spawning multiple processes

2014-02-15 Thread Ryan O';Hara
On Sun, Feb 16, 2014 at 11:12:03AM +0900, Marc-Antoine Perennou wrote: > On Sat, 2014-02-15 at 20:04 -0600, Ryan O'Hara wrote: > > On Sun, Feb 16, 2014 at 10:08:31AM +0900, Marc-Antoine Perennou wrote: > > > > > This is why you get > > > > > >

Re: haproxy-systemd-wrapper spawning multiple processes

2014-02-15 Thread Ryan O';Hara
On Sun, Feb 16, 2014 at 10:08:31AM +0900, Marc-Antoine Perennou wrote: > Hi, > > On 16 February 2014 01:51, Ryan O'Hara wrote: > > > > I started tinkering with haproxy-systemd-wrapper recently and noticed > > that I get two haproxy processes when I start: &

haproxy-systemd-wrapper spawning multiple processes

2014-02-15 Thread Ryan O';Hara
I started tinkering with haproxy-systemd-wrapper recently and noticed that I get two haproxy processes when I start: # systemctl start haproxy # systemctl status haproxy haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled) Active: active

Re: 'packet of death' in 1.5-dev21.x86_64.el6_4

2014-02-07 Thread Ryan O';Hara
On Fri, Feb 07, 2014 at 07:23:42PM +0100, Lukas Tribus wrote: > Hi, > > > > Not a problem ... our Head of IS did a detailed write up on our > > investigation process and findings at his blog if you are interested: > > > > http://blog.tinola.com/?e=36 > > Thanks, thats really interesting and very

Re: RabbitMQ-HAProxy raising a exception.

2014-02-06 Thread Ryan O';Hara
abbitMQ cluster and have not hit any problems. The configuration I am using can be found here: http://openstack.redhat.com/RabbitMQ Ryan > Thanks & Regards, > Kuldip Madnani > > > > On Thu, Feb 6, 2014 at 2:08 PM, Ryan O'Hara wrote: > > > On Thu, Feb

Re: RabbitMQ-HAProxy raising a exception.

2014-02-06 Thread Ryan O';Hara
On Thu, Feb 06, 2014 at 02:05:07PM -0600, Kuldip Madnani wrote: > Hi, > > I am trying to connect my RabbitMQ cluster through HAProxy.When connected > directly to RabbitMQ nodes it works fine but when connected through HAProxy > it raises following exception : What are your client/server timeouts?

Re: Question about logging in HAProxy

2014-02-04 Thread Ryan O';Hara
On Tue, Feb 04, 2014 at 11:44:47PM +0100, Willy Tarreau wrote: > Hi Ryan, > > On Tue, Feb 04, 2014 at 04:00:14PM -0600, Ryan O'Hara wrote: > > On Tue, Feb 04, 2014 at 02:05:24PM -0600, Kuldip Madnani wrote: > > > Hi, > > > > > > I want to redirect t

Re: Question about logging in HAProxy

2014-02-04 Thread Ryan O';Hara
On Tue, Feb 04, 2014 at 02:05:24PM -0600, Kuldip Madnani wrote: > Hi, > > I want to redirect the logs generated by HAProxy into some specific file .I > read that in the global section in log option i can put a file location > instead of IP address.I tried using that setting but it dint work for me

Re: Use one backend server at a time

2014-01-31 Thread Ryan O';Hara
On Fri, Jan 31, 2014 at 04:32:45PM +0100, Willy Tarreau wrote: > On Fri, Jan 31, 2014 at 09:22:23AM -0600, Ryan O'Hara wrote: > > On Fri, Jan 31, 2014 at 08:39:46AM +0100, Willy Tarreau wrote: > > > On Thu, Jan 30, 2014 at 03:57:56PM -0600, Ryan O'Hara wrote: > >

Re: Use one backend server at a time

2014-01-31 Thread Ryan O';Hara
On Fri, Jan 31, 2014 at 08:39:46AM +0100, Willy Tarreau wrote: > On Thu, Jan 30, 2014 at 03:57:56PM -0600, Ryan O'Hara wrote: > > On Thu, Jan 30, 2014 at 08:03:37PM +0100, PiBa-NL wrote: > > > can you doublecheck the sticktable fills properly with the socket > > &g

Re: Use one backend server at a time

2014-01-30 Thread Ryan O';Hara
up --- Thanks for the assistance. Ryan > Ryan O'Hara schreef op 30-1-2014 19:50: > >On Thu, Jan 30, 2014 at 07:39:29PM +0100, PiBa-NL wrote: > >>This should (i expect) work with any number of backup servers, as > >>long as you only need 1 active. > >Yes,

Re: Use one backend server at a time

2014-01-30 Thread Ryan O';Hara
fails, the first backup gets the traffic as expected. Once the primary comes back online, it services all requests again. I'm using 1.4 and my configuration is nearly identical to the example shown in the blow, sans the peers. Ryan > Ryan O'Hara schreef op 30-1-2014 19:34: > &g

Re: Use one backend server at a time

2014-01-30 Thread Ryan O';Hara
o have more than just one backup. I'll try to find some time to experiment in the next few days. Thanks. Ryan > Ryan O'Hara schreef op 30-1-2014 17:42: > >I'd like to define a proxy (tcp mode) that has multiple backend > >servers yet only uses one at a time. In othe

Use one backend server at a time

2014-01-30 Thread Ryan O';Hara
I'd like to define a proxy (tcp mode) that has multiple backend servers yet only uses one at a time. In other words, traffic comes into the frontend and is redirected to one backend server. Should that server fail, another is chosen. I realize this might be an odd thing to do with haproxy, and if

Re: nice wiki doc of haproxy

2012-04-11 Thread Ryan O';Hara
On 04/08/2012 02:42 PM, Cyril Bonté wrote: Hi all, [snip] Feel free to give me some feedbacks. Again, help will be very welcomed to enhance the project and the documentation ;-) Great work. I'm already finding this web page indispensable. Thanks for doing this! Ryan