Re: Help

2021-07-16 Thread Aleksandar Lazic
Hi. On 16.07.21 14:34, Anilton Silva Fernandes wrote: Hi there… Can I get another HELP: This time, I want to receive a request, and check for URL to know which backend should be call. This is my config: frontend web_accounts     mode tcp     bind 10.15.1.12:443     default_backend

Re: FYI: kubernetes api deprecation in 1.22

2021-07-16 Thread Aleksandar Lazic
On 16.07.21 10:27, Илья Шипицин wrote: I wonder if Kubernetes has sort of ingress compliance test. Or is it up to ingress itself Yes, there is such a thing but I never used it. https://github.com/kubernetes-sigs/ingress-controller-conformance On Fri, Jul 16, 2021, 1:21 PM Aleksandar Lazic

FYI: kubernetes api deprecation in 1.22

2021-07-16 Thread Aleksandar Lazic
Hi. FYI that the 1.22 have some changes which also impacts Ingress and Endpoints. https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22 Regards Alex

Re: Long broken option http_proxy: should we kill it ?

2021-07-10 Thread Aleksandar Lazic
On 08.07.21 19:44, Aleksandar Lazic wrote: On 08.07.21 18:33, Willy Tarreau wrote: Hi all, Amaury discovered that "option http_proxy" was broken. I quickly checked when it started, and it got broken with the introduction of HTX in 1.9 three years ago. It still used to work in l

Re: Long broken option http_proxy: should we kill it ?

2021-07-08 Thread Aleksandar Lazic
On 08.07.21 18:33, Willy Tarreau wrote: Hi all, Amaury discovered that "option http_proxy" was broken. I quickly checked when it started, and it got broken with the introduction of HTX in 1.9 three years ago. It still used to work in legacy mode in 1.9 and 2.0 but 2.0 uses HTX by default and

Re: Proposal about new default SSL log format

2021-07-03 Thread Aleksandar Lazic
On 03.07.21 13:27, Илья Шипицин wrote: сб, 3 июл. 2021 г. в 16:22, Aleksandar Lazic mailto:al-hapr...@none.at>>: Hi Remi. On 02.07.21 16:26, Remi Tricot-Le Breton wrote: > Hello list, > > Some work in ongoing to ease connection error and SSL handshake

Re: Proposal about new default SSL log format

2021-07-03 Thread Aleksandar Lazic
Hi Remi. On 02.07.21 16:26, Remi Tricot-Le Breton wrote: Hello list, Some work in ongoing to ease connection error and SSL handshake error logging. This will rely on some new sample fetches that could be added to a custom log-format string. In order to ease SSL logging and debugging, we will

Line 47 in src/queue.c "s * queue's lock."

2021-06-24 Thread Aleksandar Lazic
Hi. when someone works again on src/queue.c could be this typo fixed. http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/queue.c;h=6d3aa9a12bcd6078d1b5a76969da4104a6adb1bd;hb=HEAD#l47 ``` 44 * - a pendconn_add() is only performed by the stream which will own the 45 * pendconn ; the

Re: Weird behavior of spoe between http and https requests

2021-06-11 Thread Aleksandar Lazic
Hi. On 11.06.21 18:07, Aleksandar Lazic wrote: Hi. I use haproxy 2.4 with this fe config. ``` global     log stdout format raw daemon     daemon     maxconn 2     stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners     stats timeout 30s

Weird behavior of spoe between http and https requests

2021-06-11 Thread Aleksandar Lazic
Hi. I use haproxy 2.4 with this fe config. ``` global log stdout format raw daemon daemon maxconn 2 stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s tune.ssl.default-dh-param 2048 # Default SSL material locations

[PATCH] DOC: use the req.ssl_sni in examples

2021-06-05 Thread Aleksandar Lazic
Hi. This patch fixes the usage of req_ssl_sni in the doc. Any plan to remove the old keyword or add some warning that this keyword is deprecated? Regards Alex >From 84fe0fa89548c384322f47bc3eb37ea9843d0eb8 Mon Sep 17 00:00:00 2001 From: Alex Date: Sat, 5 Jun 2021 13:23:08 +0200 Subject:

Re: Proxy Protocol - any browser proxy extensions that support ?

2021-06-04 Thread Aleksandar Lazic
On 04.06.21 21:32, Jim Freeman wrote: https://developer.chrome.com/docs/extensions/reference/proxy/ supports SOCKS4/SOCKS5 Does anyone know of any in-browser VPN/proxy extensions that support Willy's Proxy Protocol ? https://www.haproxy.com/blog/haproxy/proxy-protocol/ enumerates some of the

Re: Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-06-04 Thread Aleksandar Lazic
On 02.06.21 11:38, Christopher Faulet wrote: Le 6/1/21 à 8:26 PM, Aleksandar Lazic a écrit : On 01.06.21 14:23, Tim Düsterhus wrote: Aleks, On 6/1/21 10:30 AM, Aleksandar Lazic wrote: This phrasing is understandable to me, but now I'm wondering if this is the best solution. Maybe the already

Re: Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-06-01 Thread Aleksandar Lazic
On 01.06.21 14:23, Tim Düsterhus wrote: Aleks, On 6/1/21 10:30 AM, Aleksandar Lazic wrote: This phrasing is understandable to me, but now I'm wondering if this is the best solution. Maybe the already existing user-configurable unique request ID should instead be sent to the SPOE

Re: Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-06-01 Thread Aleksandar Lazic
Tim, Jun 1, 2021 9:50:17 AM Tim Düsterhus : > Aleks, > > On 6/1/21 1:03 AM, Aleksandar Lazic wrote: >>>>  srv_conn([/]) : integer >>>>    Returns an integer value corresponding to the number of currently >>>> established >>>>   

Re: Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-05-31 Thread Aleksandar Lazic
Tim. On 31.05.21 23:23, Tim Düsterhus wrote: Aleks, On 5/31/21 9:35 PM, Aleksandar Lazic wrote: While I try to get the stream id from spoa I recognized that there is no fetch method for the streamID. Attached a patch which adds the fetch sample for the stream id. I assume it could be back

[PATCH] DOC/MINOR: move uuid in the configuration to the right, alphabetical order

2021-05-31 Thread Aleksandar Lazic
Fix alphabetical order of uuid >From bb84a45b848b879f41ab37343b50057323a6ff19 Mon Sep 17 00:00:00 2001 From: Alexandar Lazic Date: Tue, 1 Jun 2021 00:27:01 +0200 Subject: [PATCH] DOC/MINOR: move uuid in the configuration to the right alphabetical order This patch can be backported up to 2.1

Re: Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-05-31 Thread Aleksandar Lazic
Hi. On 31.05.21 14:23, Aleksandar Lazic wrote: Hi. While I try to get the stream id from spoa I recognized that there is no fetch method for the streamID. Attached a patch which adds the fetch sample for the stream id. I assume it could be back ported up to version 2.0 Regards Alex

Maybe stupid question but, I don't see a fetch method for %rt => StreamID

2021-05-31 Thread Aleksandar Lazic
Hi. While I try to get the stream id from spoa I recognized that there is no fetch method for the streamID. The discussion is here. https://github.com/criteo/haproxy-spoe-go/issues/28 That's the sid in filter spoa log output. SPOE: [agent-on-http-req] sid=88 st=0 0/0/0/0/0 1/1 0/0 10/33

Old Github Issue

2021-05-25 Thread Aleksandar Lazic
Hi. I wanted to cleanup some old issues but was not able due to the fact that I'm not sure if the bugs are still valid, especially for 1.8/1.9 and previous versions. https://github.com/haproxy/haproxy/issues?page=10=is%3Aissue+is%3Aopen It would be nice when someone with more knowledge then I

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-02 Thread Aleksandar Lazic
On 01.05.21 19:45, Julien Pivotto wrote: On 01 May 18:40, Aleksandar Lazic wrote: On 01.05.21 14:38, Julien Pivotto wrote: I do not know what you are trying to achieve. I try to add on the first line of defense => HAProxy, the possibility to protect the backend attack without to t

Re: Brainstorming to add JWT verify to HAPoxy

2021-05-01 Thread Aleksandar Lazic
On 01.05.21 15:08, Tim Düsterhus wrote: Aleks, On 5/1/21 1:42 PM, Aleksandar Lazic wrote: # Extract the JSON Web Algorithms (JWA) from Bearer Token. http-request set-var(txn.jwt_algo) req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg')  if bearer_header_exist Trusting

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Aleksandar Lazic
ell yes, thanks for shareing. There are some envirnoments where you can't use SPOE and therfore it would be nice to have the option to verify the Token before any connections goes to any backend or SPOE agent. On 01 May 13:42, Aleksandar Lazic wrote: On 30.04.21 02:01, Aleksandar Lazic wr

Re: [ANNOUNCE] haproxy-2.4-dev18

2021-05-01 Thread Aleksandar Lazic
Hi. On 01.05.21 09:14, Willy Tarreau wrote: Hi, HAProxy 2.4-dev18 was released on 2021/05/01. It added 51 new commits after version 2.4-dev17. It seems that it's been quite a calm week in terms of development, with most of the time having been spent on old bugs that are not even *that*

Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Aleksandar Lazic
On 30.04.21 02:01, Aleksandar Lazic wrote: Hi. I think about to integrate the "l8w8jwt_decode(...)" into HAProxy. https://github.com/GlitchedPolygons/l8w8jwt The RS* methods requires some "RSA_PRIVATE_KEY[] = ..." and I'm not sure what's the best method for a sampl

What's the "best" way to read a file in a sample converter

2021-04-29 Thread Aleksandar Lazic
Hi. I think about to integrate the "l8w8jwt_decode(...)" into HAProxy. https://github.com/GlitchedPolygons/l8w8jwt The RS* methods requires some "RSA_PRIVATE_KEY[] = ..." and I'm not sure what's the best method for a sample to read such a key in HAProxy converters. My suggestion for the

[PATCH] DOC: general: fix example in set-timeout

2021-04-27 Thread Aleksandar Lazic
Hi. attach the fix for set-timeout. Regards Alex >From 8ca8f7385a16894a6c74cd31d1b8507fc32fb36e Mon Sep 17 00:00:00 2001 From: Alex Date: Tue, 27 Apr 2021 12:57:07 +0200 Subject: [PATCH] DOC: general: fix example in set-timeout The alternative arguments are always in curly brackets, let's fix

[PATCH] DOC: general: fix white spaces for HTML converter

2021-04-24 Thread Aleksandar Lazic
Hi. The HTML converter expects some formats to recognize if a keyword is a keyword. Regards alex >From 9ed588c09a3ceb3af62bc9e4f9c7950fe0c58c7f Mon Sep 17 00:00:00 2001 From: Alex Date: Sat, 24 Apr 2021 13:02:21 +0200 Subject: [PATCH] DOC: general: fix white spaces for HTML converter The HTML

Re: HAproxy Origin header 403 forbidden

2021-04-17 Thread Aleksandar Lazic
Hi. Please can you share youre config an haproxy -vv Regards Alex Apr 17, 2021 5:34:38 PM Marcello Lorenzi : > Hi All, > We're experiencing an issue on our haproxy 2.2 instance. We configured some > backends and all worked fine but if we tried to forward some requests with > the header

Re: [PATCH v2 0/8] URI normalization / Issue #714

2021-04-17 Thread Aleksandar Lazic
On 17.04.21 13:23, Tim Düsterhus wrote: Willy, On 4/17/21 12:09 PM, Willy Tarreau wrote: With the renaming already made I consider the configuration syntax to be stable enough for a 2.4. I'll leave the final decision regarding that up to you, though. Especially since 2.4 is going to be an LTS.

Bandwidth limitation in HAProxy

2021-04-16 Thread Aleksandar Lazic
Hi. How difficult will it be to add a bandwidth limitation into HAProxy similar to the nginx feature? https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate Regards Aleks

Re: [PATCH] MINOR: sample: add json_string

2021-04-15 Thread Aleksandar Lazic
On 15.04.21 17:09, Willy Tarreau wrote: On Thu, Apr 15, 2021 at 04:49:00PM +0200, Aleksandar Lazic wrote: #define JSON_INT_MAX ((1ULL << 53) - 1) ^ Sorry I was not clear, please drop that 'U' here. I'm also sorry, I was in a tunnel :-/ Attached now th

Re: [PATCH] MINOR: sample: add json_string

2021-04-15 Thread Aleksandar Lazic
On 15.04.21 16:09, Willy Tarreau wrote: On Thu, Apr 15, 2021 at 04:05:27PM +0200, Aleksandar Lazic wrote: Well I don't think so because 4 is still bigger then -9007199254740991 ;-) This is because *you* think it is -9007199254740991 but the reality is that it's not this.due to ULL

Re: [PATCH] MINOR: sample: add json_string

2021-04-15 Thread Aleksandar Lazic
On 15.04.21 15:55, Willy Tarreau wrote: On Thu, Apr 15, 2021 at 03:41:18PM +0200, Aleksandar Lazic wrote: Now when I remove the check "smp->data.u.sint < 0" every positive value is bigger then JSON INT_MIN and returns 0. But don't you agree that this test DOES nothing ? If it

Re: [PATCH] MINOR: sample: add json_string

2021-04-15 Thread Aleksandar Lazic
On 15.04.21 14:48, Willy Tarreau wrote: On Thu, Apr 15, 2021 at 02:17:45PM +0200, Aleksandar Lazic wrote: I, by far, prefer Tim's proposal here, as I do not even understand the first one, sorry Aleks, please don't feel offended :-) Well you know my focus is to support HAProxy and therefore

Re: [PATCH] MINOR: sample: add json_string

2021-04-15 Thread Aleksandar Lazic
On 15.04.21 09:08, Willy Tarreau wrote: On Wed, Apr 14, 2021 at 09:52:31PM +0200, Aleksandar Lazic wrote: +   - string  : This is the default search type and returns a String; +   - boolean : If the JSON value is not a String or a Number +   - number  : When the JSON value is a Number

Re: [PATCH] MINOR: sample: add json_string

2021-04-14 Thread Aleksandar Lazic
On 14.04.21 18:41, Tim Düsterhus wrote: Aleks, On 4/14/21 1:19 PM, Aleksandar Lazic wrote: From 46ddac8379324b645c662e19de39d5de4ac74a77 Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Wed, 14 Apr 2021 13:11:26 +0200 Subject: [PATCH 2/2] MINOR: sample: converter: Add json_query

Re: [PATCH] MINOR: sample: add json_string

2021-04-14 Thread Aleksandar Lazic
Hi. here now the current version of the patches. Regards Aleks. On 14.04.21 10:45, Aleksandar Lazic wrote: On 14.04.21 04:36, Willy Tarreau wrote: On Wed, Apr 14, 2021 at 03:02:20AM +0200, Aleksandar Lazic wrote: But then, could it make sense to also support "strict integers&quo

Re: [PATCH] MINOR: sample: add json_string

2021-04-14 Thread Aleksandar Lazic
On 14.04.21 04:36, Willy Tarreau wrote: On Wed, Apr 14, 2021 at 03:02:20AM +0200, Aleksandar Lazic wrote: But then, could it make sense to also support "strict integers": values that can accurately be represented as integers and which are within the JSON valid range for integers (-2^

Re: [PATCH] MINOR: sample: add json_string

2021-04-13 Thread Aleksandar Lazic
On 13.04.21 11:26, Willy Tarreau wrote: Hi Aleks, On Mon, Apr 12, 2021 at 10:09:08PM +0200, Aleksandar Lazic wrote: Hi. another patch which honer the feedback. Thank you. FWIW I agree with all the points reported by Tim. I'll add a few comments and/or suggestions below. On a general note

Re: [PATCH] JWT payloads break b64dec convertor

2021-04-12 Thread Aleksandar Lazic
Hi Moemen, any chance to get this feature before 2.4 will be realeased? Regards Aleks On 06.04.21 09:13, Willy Tarreau wrote: Hi Moemen, On Tue, Apr 06, 2021 at 01:58:11AM +0200, Moemen MHEDHBI wrote: Only part unclear: On 02/04/2021 15:04, Tim Düsterhus wrote: +int base64urldec(const char

Re: [PATCH] MINOR: sample: add json_string

2021-04-12 Thread Aleksandar Lazic
h; smp->data.type = SMP_T_STR; ``` I have also add more tests with some specific JSON types. Regards Aleks On 11.04.21 13:04, Tim Düsterhus wrote: Aleks, On 4/11/21 12:28 PM, Aleksandar Lazic wrote: Agree. I have now rethink how to do it and s

Re: [PATCH] MINOR: sample: add json_string

2021-04-11 Thread Aleksandar Lazic
On 10.04.21 13:22, Tim Düsterhus wrote: Aleks, On 4/10/21 12:24 AM, Aleksandar Lazic wrote: +json_string() : string I don't like the name. A few suggestions: - json_query - json_get - json_decode maybe json_get_string because there could be some more getter like bool, int

Re: [PATCH] MINOR: sample: add json_string

2021-04-09 Thread Aleksandar Lazic
ry because it was small and offers the JSON path feature. On 4/8/21 10:21 PM, Aleksandar Lazic wrote: From 7ecb80b1dfe37c013cf79bc5b5b1caa3c0112a6a Mon Sep 17 00:00:00 2001 From: Alekesandar Lazic Date: Thu, 8 Apr 2021 21:42:00 +0200 Subject: [PATCH] MINOR: sample: add json_string I'd add 'conv

Re: [PATCH] MINOR: sample: add json_string

2021-04-08 Thread Aleksandar Lazic
Hi. Sorry I have now seen the copy paste error. please use this patch Regards Alex On 08.04.21 21:55, Aleksandar Lazic wrote: Hi. Attached the patch to add the json_string sample. In combination with the JWT patch is a pre-validation of a bearer token part possible. I have something like

[PATCH] MINOR: sample: add json_string

2021-04-08 Thread Aleksandar Lazic
NTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. + +// Aleksandar Lazic +// git clone from 2021-08-04 because of this fix +// https://github.com/cesanta/mjson/commit/7d8daa8586d2bfd599775f049f26d2645c25a

Re: help for implementation of first fetch function "sample_fetch_json_string"

2021-04-08 Thread Aleksandar Lazic
Tim, you are great ;-) On 08.04.21 18:14, Tim Düsterhus wrote: Aleks, On 4/8/21 5:07 PM, Aleksandar Lazic wrote: http-request set-var(sess.json) %[req.hdr(Authorization),b64dec,json_string("\$.kubernetes\\.io/serviceaccount/namespace")] http-request set-var() does not expect the

help for implementation of first fetch function "sample_fetch_json_string"

2021-04-08 Thread Aleksandar Lazic
Hi. I try to implement "sample_fetch_json_string" based on https://github.com/cesanta/mjson. Because I haven't implemented a fetch function until now it would be nice when somebody helps me and point me into the right direction. Maybe I have overseen a documentation in the doc directory.

Re: [HAP 2.4-dev] Quotes in str fetch sample

2021-04-08 Thread Aleksandar Lazic
t-length: 10 < content-type: text/plain ``` ``` http-request set-var(req.json) req.hdr(Authorization),b64dec http-request return status 200 content-type text/plain lf-string %[date] hdr x-var "json=%[var(req.json)] val=%[var(sess.json)]" ``` regards alex On 08.04.21 01:27, Al

[HAP 2.4-dev] Quotes in str fetch sample

2021-04-07 Thread Aleksandar Lazic
Hi. I try to implement "sample_fetch_json_string" based on https://github.com/cesanta/mjson. My current test looks good but I'm struggling with the test setup. ``` git-repos/haproxy$ ./haproxy -c -f ../test-haproxy.conf [NOTICE] 097/012132 (1043229) : haproxy version is 2.4-dev15-8daf8d-30

Re: zlib vs slz (perfoarmance)

2021-03-30 Thread Aleksandar Lazic
+1 On 30.03.21 08:17, Илья Шипицин wrote: I would really like to know whether zlib was chosen for purpose or by chance. And yes, some marketing campaign makes sense On Tue, Mar 30, 2021, 10:35 AM Dinko Korunic mailto:dinko.koru...@gmail.com>> wrote: > On 29.03.2021., at 23:06, Lukas

Re: Is there a way to deactivate this "message repeated x times"

2021-03-29 Thread Aleksandar Lazic
On 29.03.21 18:55, Lukas Tribus wrote: Hello, On Mon, 29 Mar 2021 at 15:25, Aleksandar Lazic wrote: Hi. I need to create some log statistics with awffull stats and I assume this messages means that only one line is written for 3 requests, is this assumption right? Mar 28 14:04:07 lb1

Is there a way to deactivate this "message repeated x times"

2021-03-29 Thread Aleksandar Lazic
Hi. I need to create some log statistics with awffull stats and I assume this messages means that only one line is written for 3 requests, is this assumption right? Mar 28 14:04:07 lb1 haproxy[11296]: message repeated 3 times: [ ::::49445 [28/Mar/2021:14:04:07.234] https-in~

[HAP 2.3.8] some missunderstandint of Session state and server correlation

2021-03-27 Thread Aleksandar Lazic
Hi. As I understand the LH and LR combo right should no server be involved. I expected in the https-in line also a "" but there is the "be_default/default_prim". Do I missunderstand the 'L' flag which is described as below ``` the session was locally processed by haproxy and was not passed to

Re: [HAP 2.3.8] Is there a way to see why "" and "SSL handshake failure" happens

2021-03-27 Thread Aleksandar Lazic
On 27.03.21 12:01, Lukas Tribus wrote: Hello, On Sat, 27 Mar 2021 at 11:52, Aleksandar Lazic wrote: Hi. I have a lot of such entries in my logs. ``` Mar 27 11:48:20 lb1 haproxy[14556]: ::::23167 [27/Mar/2021:11:48:20.523] https-in~ https-in/ -1/-1/-1/-1/0 0 0 - - PR-- 1041/1011/0/0/0

[HAP 2.3.8] Is there a way to see why "" and "SSL handshake failure" happens

2021-03-27 Thread Aleksandar Lazic
Hi. I have a lot of such entries in my logs. ``` Mar 27 11:48:20 lb1 haproxy[14556]: ::::23167 [27/Mar/2021:11:48:20.523] https-in~ https-in/ -1/-1/-1/-1/0 0 0 - - PR-- 1041/1011/0/0/0 0/0 "" Mar 27 11:48:20 lb1 haproxy[14556]: ::::23167 [27/Mar/2021:11:48:20.523] https-in~ https-in/

Which mode for Quic?

2021-03-02 Thread Aleksandar Lazic
Hi. I assume that QUIC is a dedicated mode right? Something like h3 : mode=QUIC side=FE|BE mux=H3 ``` Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTTP side=FE|BE mux=H2

Re: Setting up haproxy for tomcat SSL Valve

2021-02-25 Thread Aleksandar Lazic
On 25.02.21 07:38, Jarno Huuskonen wrote: Hi, On Thu, 2021-02-25 at 03:24 +0100, Aleksandar Lazic wrote: Hi. I try to setup HAProxy (precisely  OpenShift Router :-)) to send the TLS/SSL Client Information's to tomcat. On the SSL Valve page are the following parameters available. http

Setting up haproxy for tomcat SSL Valve

2021-02-24 Thread Aleksandar Lazic
Hi. I try to setup HAProxy (precisely OpenShift Router :-)) to send the TLS/SSL Client Information's to tomcat. On the SSL Valve page are the following parameters available. http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#SSL_Valve ``` sslClientCertHeader: Allows setting a custom

Re: Apache Proxypass mimicing ?

2021-02-22 Thread Aleksandar Lazic
Hi. On 22.02.21 01:31, Igor Cicimov wrote: But if I do some configuration tweaks in "wp-config.php", like adding the following two lines : define('WP_HOME', 'https://front1.domain.local '); define('WP_SITEURL', 'https://front1.domain.local

Re: Apache Proxypass mimicing ?

2021-02-18 Thread Aleksandar Lazic
HI. On 18.02.21 10:12, spfma.t...@e.mail.fr wrote: Hi, I would like to setup a reverse proxy with SSL termination to allow something like : https://front1.domain proxying http://back1.otherdomain:8000 (and maybe one day back2) https://front2.domain proxying http://back3.otherdomain:5000 >

[PATCH] DOC/MINOR: ROADMAP: adopt the Roadmap to the current state

2021-02-05 Thread Aleksandar Lazic
Hi. attached a patch for the Roadmap. There is also the bandwidth limitation as open entry due to this fact I assume it's not easy to handle bandwith limitation within haproxy. Regards Aleks >From 8a77687ca480feb286fd394d533570b079d4be27 Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic D

Re: HAProxy ratelimit based on bandwidth

2021-02-05 Thread Aleksandar Lazic
On 26.01.21 20:27, Aleksandar Lazic wrote: Hi. On 26.01.21 05:54, Sangameshwar Babu wrote: > Hello Team, > > I would like to get some suggestions on setting up ratelimit on HAProxy 1.8 version, > my current setup is as below. > > 1000+ rsyslog clients(TCP) -&

Re: Question about rfc8441 (Bootstrapping WebSockets with HTTP/2)

2021-01-29 Thread Aleksandar Lazic
On 29.01.21 12:27, Christopher Faulet wrote: Le 22/01/2021 à 07:08, Willy Tarreau a écrit : On Thu, Jan 21, 2021 at 11:09:33PM +0100, Aleksandar Lazic wrote: On 21.01.21 21:57, Christopher Faulet wrote: Le 21/01/2021 à 21:19, Aleksandar Lazic a écrit : Hi. I'm not sure if I have missed

Re: HAProxy ratelimit based on bandwidth

2021-01-26 Thread Aleksandar Lazic
Hi. On 26.01.21 05:54, Sangameshwar Babu wrote: > Hello Team, > > I would like to get some suggestions on setting up ratelimit on HAProxy 1.8 version, > my current setup is as below. > > 1000+ rsyslog clients(TCP) -> HAProxy (TCP mode) -> backend centralized rsyslog server. > > I have the

Re: Question about substring match (*_sub)

2021-01-23 Thread Aleksandar Lazic
rare case then it's okay as it is, isn't it? Opinions? сб, 23 янв. 2021 г. в 03:18, Aleksandar Lazic mailto:al-hapr...@none.at>>: Hi. I would like to take a look into the substring match implementation because of the comment there. http://git.hapro

Question about substring match (*_sub)

2021-01-22 Thread Aleksandar Lazic
Hi. I would like to take a look into the substring match implementation because of the comment there. http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/pattern.c;h=8729769e5e549bcd4043ae9220ceea440445332a;hb=HEAD#l767 "NB: Suboptimal, should be rewritten using a Boyer-Moore method." Now

Re: Question about rfc8441 (Bootstrapping WebSockets with HTTP/2)

2021-01-21 Thread Aleksandar Lazic
On 21.01.21 21:57, Christopher Faulet wrote: > Le 21/01/2021 à 21:19, Aleksandar Lazic a écrit : >> Hi. >> >> I'm not sure if I have missed something, because there are so many great features >> now in HAProxy, therefore I just ask here. >> >> Is the rfc844

Question about rfc8441 (Bootstrapping WebSockets with HTTP/2)

2021-01-21 Thread Aleksandar Lazic
Hi. I'm not sure if I have missed something, because there are so many great features now in HAProxy, therefore I just ask here. Is the rfc8441 (Bootstrapping WebSockets with HTTP/2) possible in HAProxy now? Regards Aleks

When to add HAProxy to QUIC Implementations Wiki

2021-01-13 Thread Aleksandar Lazic
Hi. When I look into the quicwg site then I miss HAProxy there ;-) https://github.com/quicwg/base-drafts/wiki/Implementations When do you think is the best time to add HAProxy there? Regards Aleks

Re: Clean up "type: feature" in the tracker

2021-01-10 Thread Aleksandar Lazic
On 11.01.21 00:32, John Traweek CCNA, Sec+ wrote: unsubscribe You can unsubscribe you self from the list. https://www.haproxy.org/#tact Regards Aleks On 1/10/21, 10:03 AM, "Tim Düsterhus" wrote: Hi List, Willy, Lukas, as of right now feature requests make up almost

Re: Content inspection using tcp-request/tcp-response content send-spoa-group

2020-11-24 Thread Aleksandar Lazic
Hi. On 24.11.20 11:48, Stanislav Pavlíček wrote: Hello, I'm trying to implement content inspection using haproxy/SPOE and SPOA agent. I created basic sample configuration to demonstrate my issue: https://github.com/haproxy/haproxy/issues/956#issuecomment-732806414 To reproduce locally,

Re: [2.2.5] High cpu usage after switch to threads

2020-11-19 Thread Aleksandar Lazic
Tim. Cool big thank to clarify that for me. Regards Aleks On 19.11.20 17:03, Tim Düsterhus wrote: Aleks, Am 19.11.20 um 16:53 schrieb Aleksandar Lazic: When a H2 client send the header in lowercase then and h1 in mixed-case could the "del-header" line not match when it's on

Re: [2.2.5] High cpu usage after switch to threads

2020-11-19 Thread Aleksandar Lazic
Hi. On 19.11.20 16:16, Maciej Zdeb wrote: Hi, Alaksandar I've looked into code and... :) Great ;-) śr., 18 lis 2020 o 15:30 Aleksandar Lazic mailto:al-hapr...@none.at>> napisał(a): Can you think to respectthe '-i'. http://git.haproxy.org/?p=haproxy.git=search=HEA

Re: [2.2.5] High cpu usage after switch to threads

2020-11-18 Thread Aleksandar Lazic
Hi Maciej. On 18.11.20 14:22, Maciej Zdeb wrote: I've found an earlier discussion about replacing reqidel (and others) in 2.x: https://www.mail-archive.com/haproxy@formilux.org/msg36321.html So basically we're lacking: http-request del-header x-private-  -m beg http-request del-header

Re: Integration of modsecurity v3 with haproxy

2020-11-13 Thread Aleksandar Lazic
On 10.11.20 17:52, Thomas SIMON wrote: > Hi all, > > Is there a way to use some mecanism (spoe or other) to use modsecurity v3 > with haproxy (2.x) ? > I found documentation on modsecurity v2 integration with spoe , but nothing > on v3. > > My goal is to protect backends with modsecurity using

Re: Count uniq Client ips

2020-10-15 Thread Aleksandar Lazic
Tim. On 15.10.20 19:05, Tim Düsterhus wrote: Aleks, Am 15.10.20 um 14:08 schrieb Aleksandar Lazic: The target is to know how much concurrent IP's request the a specific URL. What *exactly* would you like to extract? Do you actually want concurrent IP addresses? Log parsing then would

Re: Count uniq Client ips

2020-10-15 Thread Aleksandar Lazic
Hi Adis, On 15.10.20 15:03, Adis Nezirovic wrote: On 10/15/20 2:08 PM, Aleksandar Lazic wrote: Hi. I though maybe the peers could help me when I yust add the client IP with the URL but I'm not sure if I can query the peers store in a efficient way. The target is to know how much concurrent

Count uniq Client ips

2020-10-15 Thread Aleksandar Lazic
Hi. I have a quite tricky requirement and hope to get some input for a efficient solution. I use a haproyx in front of a streaming server. The access log, in json format, writes out the http request to syslog which is this plugin

Re: [PR] SOCKS4(A)

2020-10-03 Thread Aleksandar Lazic
Hi. On 02.10.20 13:54, Christopher Faulet wrote: Le 02/10/2020 à 08:58, Willy Tarreau a écrit : So if anyone currently uses socks4 to talk to servers, I suggest you run a quick test on 2.2 or 2.3 to see if health checks continue to work over socks4 or not, in which case it's likely you'll be

Re: Dynamic Googlebot identification via lua?

2020-09-08 Thread Aleksandar Lazic
On 08.09.20 22:54, Tim Düsterhus wrote: Reinhard, Björn, Am 08.09.20 um 21:39 schrieb Björn Jacke: the only official supported way to identify a google bot is to run a reverse DNS lookup on the accessing IP address and run a forward DNS lookup on the result to verify that it points to

Re: stable-bot: Bugfixes waiting for a release 2.2 (18), 2.1 (13), 2.0 (8), 1.8 (6)

2020-08-19 Thread Aleksandar Lazic
On 19.08.20 11:42, Willy Tarreau wrote: Hi Aleks, On Wed, Aug 19, 2020 at 11:32:13AM +0200, Aleksandar Lazic wrote: Please can the following patch also be considered to be backported. OPTIM: startup: fast unique_id allocation for acl. http://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h

Re: stable-bot: Bugfixes waiting for a release 2.2 (18), 2.1 (13), 2.0 (8), 1.8 (6)

2020-08-19 Thread Aleksandar Lazic
On 19.08.20 02:00, stable-...@haproxy.com wrote: Hi, This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent periodically once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the

haproxy <> dataplane

2020-08-15 Thread Aleksandar Lazic
Hi. Afaik are there several ways to run haproxy and dataplane together. Because I just start work with the dataplane, is there a "best practice" or "recommended" way to use these both component together? Maybe someone can share some expirinede with the combination of haproxy and dataplane.

QUIC-LB: Generating Routable QUIC Connection IDs

2020-07-26 Thread Aleksandar Lazic
Hi. Have you seen this Draft? https://datatracker.ietf.org/doc/draft-ietf-quic-load-balancers/ Because there are a lot of QUIC Drafts there and 2.2 is released it would be nice to get some update about the QUIC state in HAProxy ;-). https://datatracker.ietf.org/doc/search/?name=QUIC=on=on

[PATCH] DOC/MINOR: haproxy: Add description which delimiter is used for h1-case-adjust-file

2020-07-15 Thread Aleksandar Lazic
Hi. This patch is a proposal to add the to the doc the delimiter for h1-case-adjust-file. Regards Aleks >From d1b1061a54bb254c722cdfc984cde3466eabf5a1 Mon Sep 17 00:00:00 2001 From: Alex Date: Wed, 15 Jul 2020 21:31:18 +0200 Subject: [PATCH] DOC/MINOR: haproxy: Add description which

Re: Documentation

2020-07-11 Thread Aleksandar Lazic
On 11.07.20 13:11, Tofflan wrote: Hello! Im trying to setup a setup HAProxy on my Pfsense router, the links under documentation dont work. example: https://cbonte.github.io/haproxy-dconv/2.3/intro.html and https://cbonte.github.io/haproxy-dconv/2.3/configuration.html Is there anyway to read

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-06 Thread Aleksandar Lazic
Should a blank be after '%s'? + memprintf(err, "%sthis version of openssl cannot attach certificate chain for SSL certificate generation.\n", + err && *err ? *err : ""); On 05.07.20 14:09, Gersner wrote: That's my fault. I was aware of the versioning but forgot to wrap

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
Sorry send to early. Now the full answer. On 08.06.20 14:39, Aleksandar Lazic wrote: > On 08.06.20 14:28, Stefano Tranquillini wrote: >> Hi thanks for the reply >> >> why the set-priority is a better choice? >> will it just limit the connection in case there's need

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
pporting 600 calls, with > the set priority it will still process the 600 calls rather than > limit the user to a max of 100 per minute Well as far as I know have hapox not the feauture to "delay" a connecstion except to move it in the request questue > On Mon, Jun 8, 2020 at 1:27

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
On 08.06.20 09:15, Stefano Tranquillini wrote: > > > On Sun, Jun 7, 2020 at 11:11 PM Илья Шипицин > wrote: > > > > вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini >: > > Hello all, > > I'm moving to HA using it to

Re: haproxy on embedded device

2020-06-05 Thread Aleksandar Lazic
Hi, On 03.06.20 16:20, Thomas Schmiedl wrote: > Hi, > > maybe someone can help me in this issue. I use > xupnpd2 (https://github.com/clark15b/xupnpd2) on my router > (with this firmware extension: https://freetz.github.io/wiki/index.en.html) > to receive/transfer some hls-streams to the TV.

Re: Termination state: CL--

2020-06-01 Thread Aleksandar Lazic
Hi. Jun 1, 2020 1:37:55 PM Gaetan Deputier : > Hello! > > We have recently observed that a very small amount of our connections were > ended with the following state: CL--. Those connections are coming from > browsers and are correlated to weird behaviours observed in our downstream >

Re: decode key created with url32+src

2020-05-17 Thread Aleksandar Lazic
Tim. Thank you for your prompt answer. Regards Aleks On 18.05.20 01:30, Tim Düsterhus wrote: > Aleks, > > Am 18.05.20 um 00:48 schrieb Aleksandar Lazic: >> Is there a easy way to know which URL+src the key is? >> [...] >>   http-request track-sc1 url32+src table

decode key created with url32+src

2020-05-17 Thread Aleksandar Lazic
Hi. I have this lines in the Table per_ip_and_url_rates. Is there a easy way to know which URL+src the key is? # table: per_ip_and_url_rates, type: binary, size:1048576, used:56781 0x559813fc9200: key=xxx use=0 exp=85821390 http_req_rate(8640)=27 0x7fef40373630: key= use=0 exp=86380499

[PATCH] DOC/MINOR: halog: Add long help info for ic flag

2020-05-15 Thread Aleksandar Lazic
Hi. attached a patch for halog. Regards Aleks >From 37ba93a5f29200e34cfb31aacf93ddcd80fca2ab Mon Sep 17 00:00:00 2001 From: Aleksandar Lazi Date: Fri, 15 May 2020 22:58:30 +0200 Subject: [PATCH] DOC/MINOR: halog: Add long help info for ic flag Add missing long help text for the ic (ip count)

Re: [tcp|http]-check expect status explained

2020-05-07 Thread Aleksandar Lazic
Hi Christopher. On 07.05.20 07:55, Christopher Faulet wrote: > Le 07/05/2020 à 00:06, Aleksandar Lazic a écrit : >> On 07.05.20 00:02, Lukas Tribus wrote: >>> On Wed, 6 May 2020 at 23:33, Aleksandar Lazic wrote: >>>> >>>> Hi. >>>> >&

Re: [tcp|http]-check expect status explained

2020-05-06 Thread Aleksandar Lazic
On 07.05.20 00:02, Lukas Tribus wrote: > On Wed, 6 May 2020 at 23:33, Aleksandar Lazic wrote: >> >> Hi. >> >> The doc for [tcp|http]-check expect have some *-status arguments like >> "L7OK", "L7OKC","L6OK" and "L4OK"

[tcp|http]-check expect status explained

2020-05-06 Thread Aleksandar Lazic
Hi. The doc for [tcp|http]-check expect have some *-status arguments like "L7OK", "L7OKC","L6OK" and "L4OK" and so on. In the whole documentation are this states not explained. I'm not sure in which chapter this states fit's, quick reminder HTTP,global, logging, new chapter? My suggestion is

Re: Question about connection settings proto fcgi check maxconn 9 minconn 5 maxqueue 0

2020-05-04 Thread Aleksandar Lazic
Hi Christopher. On 04.05.20 11:28, Christopher Faulet wrote: > Le 03/05/2020 à 09:52, Aleksandar Lazic a écrit : >> Hi. >> >> I play a little bit with proto fcgi and see something what I don't >> understand. >> >> Hopefully someone can explain it a b

  1   2   3   4   5   6   7   8   9   >