Re: haproxy hiding url/minio

Greetings, On 12/23/2020 7:10 PM, Jonathan Opperman wrote: Works perfectly fine, what is the best way to hide /minio so it will rather say /storage so externally I hide the fact that we are using minio? You can do that by using 'http-request set-path %[regsub(^/storage,/minio)]' to

Re: comparing stick-table values in acl

Greetings, On 12/7/2019 4:48 PM, Björn Jacke wrote: Hi, I would like to compare two different stick-table values in an ACL. What I tried to do was an obvious comparison like this: http-request deny if { sc_conn_rate(0) le sc_http_req_rate(1) } The following should do what you seek:

Re: How to allow Client Requests at a given rate

Greetings, On 2/23/2019 3:06 AM, Santos Das wrote: Hi, I have a requirement where I need to allow only certain request rate for a given URL. Say /login can be accessed at the rate of 10 RPS. If I get 100 RPS, then 10 should be allowed and 90 should be denied. There are a couple of ways

Re: Logging actual fetched URL after request is re-written

Greetings, Sorry, pressed wrong button so didn't include on CC. On 03/27/2018 01:03 PM, Chad Lavoie wrote: Greetings, On 03/27/2018 12:49 PM, Franks Andy (IT Technical Architecture Manager) wrote: Hi all,   Logging with HTTP as standard, the %{+Q}r log variable records the requested

Re: Logging actual fetched URL after request is re-written

Greetings, On 03/27/2018 12:49 PM, Franks Andy (IT Technical Architecture Manager) wrote: Hi all,   Logging with HTTP as standard, the %{+Q}r log variable records the requested URL in the logs. I’d like to also record the URL that’s actually fetch after an http-request set-path directive

Re: Monitoring/testing tarpit and connection rejects

Greetings, Answers inline. On 02/16/2018 08:03 AM, Stefan Magnus Landrø wrote: Hi guys, We're using using some of the DDOS features found ini haproxy (e.g. https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/) We've performed some basic testing using

Re: Is there a more efficient way to use backend webservers with HAproxy+Lua scripts ?

Greetings, On 06/29/2017 05:36 PM, Burak Çayır wrote: Hello, I am a CS student and I am trying to learn HAproxy and Lua API. I want to load web server pages faster than before. Is it possible with HAproxy Lua API ? If it is possible , which algorithm I should use ? The correct algorithm

Re: question about ssl and non-ssl on the same port

Greetings, On 04/05/2017 02:19 PM, Jerry Scharf wrote: Hi, I have a question that I think I know the answer to. We have lots of things that are of the form of bind *:80 redirect scheme https if !{ ssl_fc } bind *:443 ssl crt xxx use_backend xxx-be if { ssl_fc_sni

Re: Redirection append '/' at the end of the Destination URL

Greetings, On 11/18/2016 04:55 PM, Qingshan Xie wrote: Hello! Experts, I got one issue when configure a redirection. I want to configure a redirection from http://http://%3Ca.b.c/> to https:///view/. the configuration is as below, acl is_map1

Re: stick-table not updated with every request

Greetings, On 10/21/2016 08:19 AM, Dennis Jacobfeuerborn wrote: Hi, I'm currently experimenting with rate limiting request and while this sort-of works I see an issue where sometimes the stick-table that contains the rate-limiting variables isn't update with every request allowing multiple

[PATCH] Minor: Escape equals sign on socket dump

Greetings, Was recently working with a stick table storing URL's and one had an equals sign in it (e.g. 127.0.0.1/f=ab) which made it difficult to easily split the key and value without a regex. This patch will change it so that the key looks like "key=127.0.0.1/f\=ab" instead of

Re: how can i get pass original ip in tcp mode

Greetings, On 09/07/2016 10:48 AM, Long Ma wrote: HI haproxy: My haproxy version is 1.6. And I use haproxy before my game_server on tcp mode Client on A(172.16.77.32) HaProxy and game_server on B (172.16.77.37) Config file is: When I

Re: Rate limiting options using HAProxy

Greetings, On 08/30/2016 05:12 PM, Chad Lavoie wrote: Greetings, On 08/30/2016 12:30 PM, Sam kumar wrote: Hello Sir, I am trying to implement rate limiting using HA proxy for my HTTP restful services. My requirement is to go implement below two scenario 1.URL based : Every API urls

Re: Rate limiting options using HAProxy

Greetings, On 08/30/2016 12:30 PM, Sam kumar wrote: Hello Sir, I am trying to implement rate limiting using HA proxy for my HTTP restful services. My requirement is to go implement below two scenario 1.URL based : Every API urls will have different throttle limit To have limits that

Re: Help Needed || haproxy limiting the connection rate per user

, Aug 26, 2016 at 10:16 PM, Chad Lavoie <clav...@haproxy.com <mailto:clav...@haproxy.com>> wrote: Greetings, On 08/26/2016 09:14 AM, Samrat Roy wrote: Hello Sir, down votefavorite <http://stackoverflow.com/questions/39166887/haproxy-limiting-the-connectio

Re: Help Needed || haproxy limiting the connection rate per user

Greetings, On 08/26/2016 09:14 AM, Samrat Roy wrote: Hello Sir, down votefavorite I am trying to achieve rate limiting using HAProxy. I am trying to follow the "Limiting the

Re: Adding a custom tcp protocol to HAProxy

Greetings, On 7/10/16 6:33 AM, Matt Esch wrote: > I need to load balance a custom tcp protocol and wonder if HAProxy > could be configured or extended for my use case. > > The protocol is a multiplexed frame-based protocol. An incoming socket > can send frames in arbitrary order. The first 2

Re: Does haproxy use regex for balance url_param lookup?

Greetings, On 6/26/16 7:40 AM, k simon wrote: > Hi, lists, >I noticed that haproxy 1.6.5 hog the cpu periodiclly on FreeBSD 10 > with 800K-1M syscalls. I change the balance algo to "uri" and delete all > the regular expressions can work around it. There maybe some bug with > PCRE on

Re: Proposal: auto-reload of ACL files

Greetings, On 04/29/2016 11:37 AM, Philipp Buehler wrote: Am 29.04.2016 17:27 schrieb Chad Lavoie: HAProxy sockets support "add acl " to add an ACL entry or "add map" to add to a map. Can be used with "clear acl"/"clear map" to empty the table firs

Re: Proposal: auto-reload of ACL files

Greetings, On 04/29/2016 11:16 AM, Philipp Buehler wrote: Hi, I quite like not to reload haproxy every here and there (stats and races..) and make quite some use of 'acl foo .. -f aclfile'. Now feature-creep mounts and aclfile shall be build/extended "on demand" (think of something along

Re: Help! HAProxy randomly failing health checks!

Greetings, On 03/15/2016 02:54 PM, Zachary Punches wrote: Hello! My name is Zack, and I have been in the middle of an on going HAProxy issue that has me scratching my head. Here is the setup: Our setup is hosted by amazon, and our HAProxy (1.6.3) boxes are in each region in 3 regions. We

Re: peers and stick-table stats

Greetings Pavlo, On 03/15/2016 05:23 AM, Pavlo Zhuk wrote: Hi, Is there any good way to monitor stick-table utilization? The first line of a "show table" socket command has the "size" field (showing the size as set in the config) and the "used" field (showing how many entries are currently

Re: Asking for help: how to expire haproxy's stick table entry only after the closing of all sessions which used it

Greetings Hugo, On 03/15/2016 09:25 AM, Hugo Maia wrote: Hi, my name is Hugo. I'm currently using Haproxy 1.5, I have a backend with 2 servers. My app servers receive connection from two clients and I want both of them to be attributed to the same server. All connections have a url

Re: 'show table' is unreliable?

. - Chad On 03/11/2016 05:29 PM, Robert Samuel Newson wrote: ah, yes, nbproc of 2 here, but I should be clear. The stick tables are in a proxy pinned to one single process, the other is used to handle TLS decoding. On 11 Mar 2016, at 18:27, Chad Lavoie <clav...@haproxy.com> w

Re: 'show table' is unreliable?

Greetings, That should have been "Do you have nbproc set and more then 1?", sorry. - Chad On 03/11/2016 01:17 PM, Chad Lavoie wrote: Greetings, Do you have nbproc set or more then 1? If so, then each thread has its own stick table set; and depending on what thread handles it

Re: 'show table' is unreliable?

Greetings, Do you have nbproc set or more then 1? If so, then each thread has its own stick table set; and depending on what thread handles it the values will differ. Individual frontends can be set to a specific thread with bind-process (or for SSL a frontend specifically for SSL

Re: Slowness on deployment

Greetings, Error in my last e-mail, used used the word client instead of server; fixed inline. On 03/10/2016 02:34 PM, Chad Lavoie wrote: Greetings, Having paged through the logs, I see a lot that seem to have the first four numbers fairly small (indicating that the request to the response

Re: Slowness on deployment

Greetings, Having paged through the logs, I see a lot that seem to have the first four numbers fairly small (indicating that the request to the response headers finished before times started getting extreme) (Tq, Tw, Tc, Tr), but which have an overall time (Tt) in the realm of five minutes.

Re: Slowness on deployment

Greetings, On 03/09/2016 04:28 PM, matt wrote: Yes. Regarding the different times, I've made some editing in order to avoid exposing some information about our endpoints/ip addresses, but they are normal times. Okay, just wanted to ensure that you expected a wide variety of times, as

Re: Slowness on deployment

Greetings, In general I just eyeball the numbers, in most cases that gives a good idea for what is happening. Sometimes I pipe a specific column through a script to get mean and std deviation, but generally I don't need to go that far. Looking through the numbers I see some GET /'s taking

Re: Slowness on deployment

Greetings, The first place I'd start looking would be the timings in the HAProxy logs to see what part of the process is being slow. In the logs (if http mode) the default format has five timing values in the column after the backend_name/server_name component which will say what part of

Re: SSL Cipher stats

Greetings, On 03/08/2016 11:20 AM, Jeff Palmer wrote: I too would be interested in this. extra points if the info could be gathered for individual backends or frontends. I didn't explicitly mention it, but my example config tracks by frontend id in the stick table (id was 7 in my example).

Re: SSL Cipher stats

Greetings, To do it without logging the only other ways I can think of to get it out of HAProxy will ether be headers to the backends for logging there, or doing it via stick tables (or sending the stick table stats via a header to the backend for logging). To cover the stick table option

Re: acl for denying requests originating from Cloudflare protected servers while behind Cloudflare myself ...

Greetings, On 02/14/2016 08:39 PM, Woody Woodpecker wrote: Hello, I am struggling to get an acl working to reject traffic originating from servers protected by the Cloudflare network, while my servers are behind Cloudflare too … So I allow only traffic from the Cloudflare network to