Re: HAProxy clustering

2016-12-16 Thread Neil - HAProxy List
ere to occur. no sense in having the log spam, network > > traffic, and load from healthchecks that aree essentially useless > > (IMO, of course) > > > > > > > > > > On Fri, Dec 16, 2016 at 2:50 PM, Neil - HAProxy List > > <maillist-hapr...@iamafreeman.

Re: rspadd X-Frame-Options:\ ALLOW-FROM

2016-10-15 Thread Neil - HAProxy List
Hello the warning explains it. you are attempting to change a response based on a request header. responses dont have access to request headers. there are ways round that this has come up on the list before so archives will have an answer or two Neil On 15 Oct 2016 16:28, "Amol"

Re: Inform backend about https for http2 connections

2016-08-06 Thread Neil - HAProxy List
Hello if you can have the app not specify the scheme for the css etc. just use //site.com/path or /path if it is on the same site On 6 Aug 2016 04:33, "Igor Cicimov" wrote: > On 6 Aug 2016 1:31 am, "Matthias Fechner" wrote: > > > > Dear

Re: Only using map file when an entry exists

2016-03-12 Thread Neil - HAProxy List
redirect_host.map)] code 301 if { > hdr(host),map(/etc/haproxy/redirect_host.map) -m found } > > Regards, > Nenad > > On 03/11/2016 11:32 PM, Neil - HAProxy List wrote: > > Hello > > > > I've left a little time and no one has said anything more so time for me >

Re: Only using map file when an entry exists

2016-03-11 Thread Neil - HAProxy List
a little sutprised to find myself the first to want this > > Cheers > > Neil > On 3 Mar 2016 18:08, "Neil - HAProxy List" < > maillist-hapr...@iamafreeman.com> wrote: > >> Thanks Conrad, >> >> That sort of thing looks better that what I had, and I

Re: Only using map file when an entry exists

2016-03-11 Thread Neil - HAProxy List
I'm amazed by the number of typos in one message. ;) On 3 Mar 2016 18:08, "Neil - HAProxy List" <maillist-hapr...@iamafreeman.com> wrote: > Thanks Conrad, > > That sort of thing looks better that what I had, and I'll give it a go. > > I still think this is a bit l

Re: Only using map file when an entry exists

2016-03-03 Thread Neil - HAProxy List
Thanks Conrad, That sort of thing looks better that what I had, and I'll give it a go. I still think this is a bit long winded syntax for something that probably quite a common things to want to do? A map_contains type boolean function still seems like a good to have? Thanks Neil On 3 March

Only using map file when an entry exists

2016-03-03 Thread Neil - HAProxy List
Hello HA-Proxy version 1.5.15 2015/11/01 I've got a service with some redirects for old virtual hosts to new locations on main website that I want to store in a map file /etc/haproxy/redirect_host.map with lines like www.oldname.com http://www.shiny.net/collections/oldname My issue is I don't

Re: Access control for stats page

2015-04-21 Thread Neil - HAProxy List
Hello Yep there is Have a frontend Send say /hastats to a hastats backend have the backend have its stats URL be /hastats too Set the acls in the frontend I'll post a config example in a bit. Neil On 21 Apr 2015 20:09, CJ Ess zxcvbn4...@gmail.com wrote: Is there a way to setup an ACL for

Re: Access control for stats page

2015-04-21 Thread Neil - HAProxy List
/fontbr/font color='blue' size='3'running on hostnamebr/ config version/font stats show-legends stats auth admin:password stats admin if TRUE On 21 April 2015 at 21:04, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello Yep there is Have a frontend Send say

Re: ldap-check with Active Directory

2015-03-31 Thread Neil - HAProxy List
) these and many others could be shipped with haproxy. this seems to make sense to me as they are small contained logical items Neil On 30 March 2015 at 23:02, Baptiste bed...@gmail.com wrote: you should believe it :) On Mon, Mar 30, 2015 at 11:34 PM, Neil - HAProxy List maillist-hapr

ldap-check with Active Directory

2015-03-30 Thread Neil - HAProxy List
Hello I'm trying to use ldap-check with active directory and the response active directory gives is not one ldap-check is happy to accept when I give a 389 directory backend ldap server all is well, when I use AD I get 'Not LDAPv3 protocol' I've done a little poking about and found that

Re: ldap-check with Active Directory

2015-03-30 Thread Neil - HAProxy List
Hello Thanks so much. That worked well, I now get *L7OK/0 in 0ms* not sure I believe the 0ms but maybe I should Thanks again, Neil On 30 March 2015 at 22:14, Baptiste bed...@gmail.com wrote: On Mon, Mar 30, 2015 at 10:33 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote

Re: no-sslv3 in default

2014-10-16 Thread Neil - HAProxy List
Hello I'd go further. Sslv3 us an obsolete protocol does anyone disagree with that? For a start make no-sslv3 the default and have a enable-obsolete-sslv3 option. Or better make enabling it a compile time option. Or maybe just get rid of it altogether? The examples on the web and on this

Re: Using a WhiteList in HAProxy 1.5

2014-07-16 Thread Neil - HAProxy List
Hi If you only have one range and it does not change often then a acl file should be avoided. http-request deny unless src 123.123.123.123/123 If you have more than one range a acl should be used Only if you have many or they change often would a file suit. Is clearer imho Neil On 16 Jul 2014

Re: Binaries for HAProxy.

2014-07-16 Thread Neil - HAProxy List
And lets not do too much to dampen any pressure to get haproxy 1.5 into rhel7 and ubuntu1404 Neil On 16 Jul 2014 16:12, Ghislain gad...@aqueos.com wrote: Just put http://nd-build-01.linux-appliance.net/repos/centos/ haproxy/haproy-centos-6x.repo under /etc/yum.repos.d/ and issue yum install

Re: 1.5 latest segfault trying to negate acl

2014-04-10 Thread Neil - HAProxy List
Hi Thank you, I can confirm this fixes the issue for me Thanks, Neil On 9 April 2014 12:35, Willy Tarreau w...@1wt.eu wrote: Hi guys, sorry it took that long to take a look at it. I've just pushed the patch, it's available here :

1.5 latest segfault trying to negate acl

2014-04-07 Thread Neil - HAProxy List
Hello my logs have a uncomforting line *kernel: [7302179.685736] haproxy[1766]: segfault at 7c ip 7f6629410a9f sp 7fffdaf98868 error 4 in libc-2.15.so http://libc-2.15.so[7f66292ae000+1b5000]* We caused this trying to use this config which tries to track the source of a connection

Re: Haproxy 1.4 url redirection issue

2014-03-03 Thread Neil - HAProxy List
Hello Amol Here is an example of the sort of thing I use The 3 important things for are ServerName https://servicename.domain.com:443 SetEnv HTTPS on UseCanonicalName On VirtualHost *:8080 ServerName https://servicename.domain.com:443 ## Vhost docroot DocumentRoot /var/www/ ##

Re: HAProxy Next?

2013-12-17 Thread Neil - HAProxy List
Hi I'd like the option of a web based api to replace the functionality of the web admin pages with a service which can be used remotely to monitor and control multiple haproxy and provide any fancy authentication and auditing outside of the haproxy service using whichever tech seems appropriate.

url32+src - like base32+src but whole url including parameters

2013-11-04 Thread Neil - HAProxy List
Hello I have a need to limit traffic to each url from each source address. much like base32+src but the whole url including parameters (this came from looking at the recent 'Haproxy rate limit per matching request' thread) attached is patch that seems to do the job, its a copy and paste job of

Re: Haproxy rate limit per matching request

2013-11-04 Thread Neil - HAProxy List
Hello Chris and I followed this example but found that it limits by url but for all users. that might be what you want in a slashdotting but its not what we want for individual users falling asleep with nose on f5(reload) key we looked at base32+src rather than url but that excludes the url