Possible bug - request forwarding to wrong backend

Hi, I have been struggling with this bug for a little while and wanted to report it and see if you can either help me or fix this bug. Here is a sample config file which shows the bug *global* *log 127.0.0.1 local0* *user nobody* *group nogroup* *daemon* *

Re: Possible bug - request forwarding to wrong backend

Vivek, Le lundi 04 avril 2011 11:21:55, Vivek Malik a écrit : Hi, I have been struggling with this bug for a little while and wanted to report it and see if you can either help me or fix this bug. Here is a sample config file which shows the bug (...) Basically, the config

Re: using haproxy for https

Joe, You need to run as many stunnel instances as number of SSL certificates. If the sites share SSL certificate, then one stunnel instance will do. I run stunnel 4.32 with patch from http://haproxy.1wt.eu/download/patches/on port 443 and forward it to port 81 on the same machine which is bound

Re: using haproxy for https

mailing list. Sent from my iPhone On Apr 10, 2011, at 8:20 AM, German Gutierrez germ...@olx.com wrote: BTW, will this patch ever go upstream? Why stunnel does not have this already? On Sat, Apr 9, 2011 at 11:43 PM, Vivek Malik vivek.ma...@gmail.com wrote: Joe, You need to run as many

Re: redirect prefix, use variable host

I found a hacky way to do it from mailing list archives http://www.mail-archive.com/haproxy@formilux.org/msg03323.html Regards, Vivek On Wed, Apr 20, 2011 at 10:09 PM, Vivek Malik vivek.ma...@gmail.com wrote: Hi, I am trying to issue a redirect via haproxy and want to reuse the host

Re: redirect prefix, use variable host

. Thanks, Vivek On Wed, Apr 20, 2011 at 10:43 PM, Vivek Malik vivek.ma...@gmail.com wrote: I found a hacky way to do it from mailing list archives http://www.mail-archive.com/haproxy@formilux.org/msg03323.html Regards, Vivek On Wed, Apr 20, 2011 at 10:09 PM, Vivek Malik vivek.ma

Re: Graceful configuration changes?

haproxy -f /etc/haproxy.cfg -sf $(cat $PIDFILE) would do it haproxy -h HA-Proxy version 1.4.18 2011/09/16 Copyright 2000-2011 Willy Tarreau w...@1wt.eu Usage : haproxy [-f cfgfile]* [ -vdVD ] [ -n maxconn ] [ -N maxpconn ] [ -p pidfile ] [ -m max megs ] -v displays version ; -vv

client side keep-alive (http-server-close vs httpclose)

We have been using haproxy in production for around 6 months while using httpclose. We use functions like reqidel, reqadd to manipulate request headers and use_backend to route a request to a specific backend. We run websites which often have ajax calls and load javascripts and css files from the

Re: haproxy and multi location failover

DNS propagation can take a long time based on my experience. We have a similar problem where we host multiple identical setups in different EC2 availability zones. We have been thinking of having DNS entry with multiple A records for load distribution and failover. However, that doesn't solve

Re: haproxy and multi location failover

May I ask what some of the acronyms in this email thread stand for RHI - AS - GSLB - Thanks, Vivek On Tue, Nov 1, 2011 at 2:26 PM, Baptiste bed...@gmail.com wrote: True :) Despite short TTLs, some client would take a long time to failover. But it's the only option unless you own your AS and

Re: SSL Pass through and sticky session

You are running haproxy in a tcp mode since you are relaying SSL and decrypting on the backend. Cookies can only be analyzed in HTTP mode. Not sure how to do sticky sessions in tcp mode. Vivek On Mon, Nov 7, 2011 at 2:03 PM, Mir Islam mis...@mirislam.com wrote: Is it possible to utilize some

Re: Autoscaling in haproxy with persistence sessions

to support being deleted/cleared through the socket interface. Is it possible to do something similar to clean appsessions? Or maybe store appsession in a stick-table and clear the session through socket command? /E From: Vivek Malik [mailto:vivek.ma...@gmail.com] Sent: den 7 november 2011 11

Re: HTTP - HTTPS redirects

We have the same situation where we accept traffic for a long list of domains. We solve the problem by adding the following for each domain redirect prefix https://sub.domain.com if !is_https make_https { hdr(host) sub.eqaldev.com } The above solution only works if the list of the subdomains is

Re: Is there any method to block malicious clients

Haproxy 1.5 has src_conn_rate which can be used for that. I personally haven't used it. I just remember reading about it. Vivek On Tue, Mar 13, 2012 at 8:30 AM, Jerry Champlin j...@absolute-performance.com wrote: One way to do this is to find it in the logs with a script and then have that

Re: [ANNOUNCE] haproxy 1.4.21

A recommended upgrade for all production users. While we are not (generally) affected by the bugs fixed in haproxy stable version. I recommend updating haproxy. I can update haproxy bin in puppet and can check it in (we distribute haproxy binary via puppetmaster). Aiman, Please update

Re: request per second statistics

I did something similar for graphite using bash and socat to read from haproxy socket. Script at http://pastebin.com/ccenegXb Regards, Vivek On Tue, Oct 2, 2012 at 4:08 PM, Joel Krauska jkrau...@gmail.com wrote: I use something like this: (it has a few things that are specific to my

Re: HAProxy sometimes selects wrong acl

You need to add option httpclose or option http-server-close so that haproxy doesn't act in the tunnel mode (default behavior). Regards, Vivek On Thu, Oct 11, 2012 at 5:33 PM, Milan Babuskov milan.babus...@gmail.comwrote: Hello, I'm using HAProxy 1.4.22. I have the following haproxy.conf

Re: HAProxy sometimes selects wrong acl

balancer all together. However, there might be better ways to do it which I am not aware of. Regards, Vivek On Sun, Oct 14, 2012 at 7:46 PM, Vivek Malik vivek.ma...@gmail.com wrote: I am not sure of how mikrokit could be having problems with http-server-close. http-server-close only affects

Re: Stick on extracted regex value from header

. Is there a plan to add stick table pattern extraction which includes extraction values from path or header using regular expressions? Thanks, Vivek On Fri, Mar 1, 2013 at 12:54 AM, Baptiste bed...@gmail.com wrote: On Thu, Feb 28, 2013 at 7:28 PM, Vivek Malik vivek.ma...@gmail.com wrote: Hi, I see

Custom authentication integration

Hi, I would like to set up a configuration where users are required to authenticate via a custom authentication web app before navigating to the content backend. I was thinking on lines of haproxy server sending the request to the auth server when a map entry is missing. When the user

map peering tcp vs unix socket call url before forwarding

Hi, I have a few questions around setting up a customized haproxy farm. I am combining all my questions in single email. 1) Map peering Is it possible to peer maps across haproxy running on multiple machines? Or store key, value pairs inside stick table (which supports peering). 2) Backend of

rand(x) output limited to x/2

Hi, I am using rand(x) in configuration to make some routing decisions. I am basically load balancing between backends and using the following configuration use_backend bk_1 { rand(100) le 50 } default_backend bk_2 However, I am not seeing any traffic going to bk_2 and all traffic goes to bk_1.

Re: Can't get HAProxy to support Forward Secrecy FS

Are you putting in DH parameters in mycert.pem? PFS depends on using DH algorithm to exchange and create a secret for the connection. openssl dhparam 2048 mycert.pem should add the DH parameters to the cert file. Regards, Vivek On Mon, Dec 8, 2014 at 4:44 PM, Sander Rijken

Re: rand(x) output limited to x/2

Hi Vincent, Thanks for the patch. I was able to verify that the patch made the distribution uniform over a large (300+) output from rand. Regards, Vivek On Mon, Dec 8, 2014 at 4:45 PM, Vincent Bernat ber...@luffy.cx wrote: ❦ 8 décembre 2014 23:20 +0100, Vincent Bernat ber...@luffy.cx :

Re: using HAProxy in front of SSO

Hi, AFAIK, Haproxy doesn't have a subrequest feature. However, there are other design solutions possible to make Haproxy as SSO filter. I am using Haproxy is a similar fashion. I have coded my SSO to notify Haproxy whenever a new SSO authentication session is added. Haproxy adds that session id

Feature requests: set-cookie dynamic value / urlencode, urldecode

Hi, I am trying to redirect a user to login page if not logged in and redirect the user back to original page after login. The login page is on a different domain than the primary domain where requests are coming. I have a few questions/feature requests related to http-request redirect a)

Re: Problems about Hot Configuration of Haproxy

Please see http://www.mail-archive.com/haproxy@formilux.org/msg06885.html The summary being iptables -I INPUT -p tcp --dport $PORT --syn -j DROP sleep 1 service haproxy restart iptables -D INPUT -p tcp --dport $PORT --syn -j DROP Regards, Vivek On Tue, Jan 20, 2015 at 1:11 AM, hu.zhang

Re: Round Robin not very random

I see roubdrobin working perfectly over here. Look at sessions total and see how they are same for every server. It seems that all your requests are not the same workload. Some servers or some requests are taking longer to fulfill and increasing load on servers. Have you tried using leastconn

Re: http-request set-map key as fixed string

missing something in my configuration. Regards, Vivek On Fri, Feb 27, 2015 at 8:20 PM, Vivek Malik vivek.ma...@gmail.com wrote: Hi, I am trying to use http-request set-map with fixed strings which are defined in config file. Example lines http-request set-map(motion.map) monday %[date

Re: http-request set-map key as fixed string

: epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. On Sat, Feb 28, 2015 at 1:26 AM, Baptiste bed...@gmail.com wrote: On Sat, Feb 28, 2015 at 3:22 AM, Vivek Malik vivek.ma...@gmail.com wrote: (Sorry

http-request set-map key as fixed string

Hi, I am trying to use http-request set-map with fixed strings which are defined in config file. Example lines http-request set-map(motion.map) monday %[date()] if acl_1 http-request set-map(motion.map) tuesday %[date()] if acl_2 Note that monday and tuesday are literal string and not

bug? rand based acl keep re-evaluating

Hi, I spent last few hours scratching my head and wondering where my configuration was wrong and why was it acting weird. Sending this to ML to see if this is a bug or expected behavior. I expected ACL to evaluate its condition only once and store the true/false outcome, however with rand(), I

Is www.haproxy.org down?

Hi, I am getting 500 Internal Server Error on the haproxy.org website. Various websites like http://downforeveryoneorjustme.com/www.haproxy.org http://www.isitdownrightnow.com/haproxy.org.html http://www.websitenotworking.com/haproxy.org confirm that the website is down for them too. Regards,

Re: help for setting up haproxy using Linux system proxy

I had faced the same issue and have documented my solution at https://www.mail-archive.com/haproxy@formilux.org/msg26387.html Regards, Vivek On Sat, Jul 8, 2017 at 5:44 AM, Aaron West wrote: > On 8 July 2017 at 11:25, Aaron West wrote: >> for me

squid between haproxy and backend server

Hi, I am using haproxy for path based routing and am trying to forward traffic to another datacenter under certain conditions. However, the traffic must go via explicit proxy server (squid). The traffic is getting forwarded to an https endpoint in AWS fronted by ELB. Is there a way to define

Re: squid between haproxy and backend server

uldn't figure out if I can force a CONNECT via lua to the backend before haproxy starts forwarding the request to backend. Regards, Vivek On Sun, Jun 11, 2017 at 11:22 PM, Vivek Malik <vivek.ma...@gmail.com> wrote: > Hi, > > I am using haproxy for path based routing and am t