Hello,
I'm testing this behaviour with 2.2.3-0e58a34 with the line
"http-request del-header x- -m beg" but it reports an error:
[ALERT] 264/110329 (5812) : parsing [/etc/haproxy//haproxy.cfg:91]:
'http-request del-header' expects either 'if' or 'unless' followed by a
condition but found '-
For example, to start a new transaction, as the documentation [1]
points:
version / required
Configuration version on which to work on
Or the blog post about it [2]:
Call the /v1/services/haproxy/transactions endpoint to create a new
transaction. This requires a version parameter in the URL,
Hello,
Getting the file version seems to be one of the first things to do at
the beginning of using the API, but I can't find an easy and clear way
to get it.
It seems extrange that that thing doesn't have a target url to get it.
Maybe I'm wrong, but I get it with the raw output:
# curl --
Hello Willy,
Following your suggestions, I've been testing the "debug" solution (in a
2.2 HAproxy) with this sample conf:
http-request use-service prometheus-exporter if { path,debug(buf0) -m
beg /metrics }
seeing from the socket the entries registered on buf0:
# echo "show events b
Hello,
On a complex configuration with multiples ACLs, is there a way to debug
what of them are applied over a request?
Is it possible to append the unique id of the ACLs to the line on the
log?
Thanks,
El 2020-05-23 15:48, Baptiste escribió:
On Thu, May 21, 2020 at 11:47 AM Ricardo Fraile
wrote:
Hello,
I'm fancing an extrange behaviour with DNS resolution and
timeout/hold
times. As testing enviroment, I use Haproxy 1.8.25 and this sample
conf:
global
master-worker
log /dev/log local5
Hello,
I'm fancing an extrange behaviour with DNS resolution and timeout/hold
times. As testing enviroment, I use Haproxy 1.8.25 and this sample conf:
global
master-worker
log /dev/log local5 info
pidfile /var/run/haproxy.pid
nbproc 1
resolvers dns
nam
Hello,
+1 for this feature
I have some rspidel and rspirep waiting to be migrated to 2.2 when this
feature will be available.
Thanks,
El vie, 14-02-2020 a las 09:59 +0100, Willy Tarreau escribió:
> Hi James,
>
> On Fri, Jan 31, 2020 at 12:44:24PM -0800, James Brown wrote:
> > So how should
Hello,
I've been facing an issue related a malformed request sended from an
external client, the line that the HAproxy register was like this:
Dec 4 07:15:30 balancer haproxy[22482]: 1.1.1.1:35546
[04/Dec/2019:07:15:29.221] proxy-1~ proxy-1/ -1/-1/-1/-1/1096
400 5210 - - CR-- 41/12/0/0/0 0/0 {|
Hello,
On Wed, 2019-07-10 at 16:09 +0200, Lukas Tribus wrote:
> Hello Ricardo,
>
>
> On Wed, 10 Jul 2019 at 15:38, Ricardo Fraile
> wrote:
> > Hello,
> >
> >
> > I have multiple backends and some of them share the same acl for
> > the
> >
Hello,
I have multiple backends and some of them share the same acl for the
static content, as example:
backend back-1
acl no-cookie path_end .gif .jpg .png (+15 more)
ignore-persist if no-cookie
...
backend back-2
acl no-cookie path_end .gif .jpg .png (+15 more)
ignore-per
Hello,
I'm trying to set an acl for multiple status codes. As example, using
only for one works:
http-response set-header Cache-Control max-age=60 if { status 302 }
but with more than one, trying with a regex, fails because it is not
implemented in httpr-response:
http-response set-header
Hello,
What is the difference between using one of the following rules instead
of the other?
I think that rspdel is the historic way to do, but maybe it have other
implications.
rspdel ^Server.*
or
http-response del-header Server
Thanks,
El vie, 05-10-2018 a las 11:38 +0200, Jerome Magnin escribió:
> Hello,
>
> On Fri, Oct 05, 2018 at 10:46:20AM +0200, Ricardo Fraile wrote:
> > Hello,
> >
> >
> > I have tested that some types of acls can't be combined, as example:
> >
>
Hello,
I have tested that some types of acls can't be combined, as example:
Server 192.138.1.1, acl with combined rules:
acl rule1 hdr_dom(host) -i test.com
acl rule1 src 192.168.1.2/24
redirect prefix https://yes.com code 301 if rule1
redirect prefix https://no
e: Willy Tarreau
Enviado: viernes, 22 de diciembre de 2017 18:57
Para: Ricardo Fraile
Cc: haproxy@formilux.org
Asunto: Re: Issue after upgrade from 1.7 to 1.8 related with active sessions
Hi Ricardo,
On Fri, Dec 22, 2017 at 12:37:42PM +0100, Ricardo Fraile wrote:
> Continuing with the in
AF_LOCAL, sun_path="/dev/log"},
msg_iov(8)=[{"<174>Dec 22 12:09:45 ", 21}, {"haproxy", 7}, {"[", 1},
{"10408", 5}, {"]: ", 3}, {"", 0}, {"192.168.1.117:35835
[22/Dec/2017"..., 129}, {"\n", 1}], msg_controllen=0, m
ll take the time to anonymize and
share.
Thanks,
El mié, 20-12-2017 a las 18:19 +0100, Willy Tarreau escribió:
> Hello Ricardo,
>
> On Wed, Dec 20, 2017 at 05:00:33PM +0100, Ricardo Fraile wrote:
> > Hello,
> >
> > After upgrade from 1.7.4 to 1.8.1, basically wit
Hello,
After upgrade from 1.7.4 to 1.8.1, basically with the end of mail conf
snippet, the sessions started to grow, as example:
1.7.4:
Active sessions: ~161
Active sessions rate: ~425
1.8.1:
Active sessions: ~6700
Active sessions rate: ~350
Looking into the linux (3.16.7) server, there are a
Hi Haproxy Team,
If I'm not wrong, with the previous versions, the stats was separated in
each process if the nproc > 1 was used. But what is the state now in 1.8
if the "master-worker" configuration is used?
In the following configuration snippet, the socket is bounded to process
1, but have it
Hi,
It's interesting to have in the section "4. Stopping and restarting
HAProxy" in the management.txt document some information related to the
behaviour of the stats when a restart is done.
As suggestion, here is my patch.
Thanks,
Ricardo F.
diff --git a/doc/management.txt b/doc/management.t
Hello,
I fallen into a similar requirement to the commented in these mails a
few years ago. As the right solution still is the use of any alternative
workaround, I add my 2 cents to the already been said.
For deny rules, the normal solution is:
frontend
acl rule_user-agent hdr
Hello,
Taking as starting point the following rate limit sticky table, in which
the requests are tracked by the "X-Client-IP" header and have an acl to
limit if there are more than 250 in 1 second:
stick-table type ip size 1m expire 1h store gpc0,http_req_rate(1s)
http-request track-sc0 req.h
e behaviour that the
"-f" option provides.
Thanks in advance,
Regards,
From a4d0ea299144f5f2c5983b1335b8d89241f3c0ec Mon Sep 17 00:00:00 2001
From: Ricardo Fraile
Date: Thu, 12 Jan 2017 12:29:44 +0100
Subject: [PATCH] MINOR: systemd unit works with cfgdir and cfgfile
---
contrib/
oxy -Ds -p /run/haproxy.pid
-- /etc/haproxy/haproxy.conf /etc/haproxy/z.conf /etc/haproxy/zz.conf
Thanks,
El mar, 13-12-2016 a las 11:56 -0500, Patrick Hemmer escribió:
> On 2016/12/13 11:14, Ricardo Fraile wrote:
> > Hello Jarno,
> >
> >
> > Yes, you are right,
Jarno Huuskonen escribió:
> Hi Ricardo,
>
> On Mon, Dec 12, Ricardo Fraile wrote:
> > Yes, shell expansion did the trick, this is the working systemd unit:
> >
> >
> > [Unit]
> > Description=HAProxy Load Balancer
> > After=network.target
> >
&g
ONF[@]/#/-f }
Thanks,
El lun, 12-12-2016 a las 16:28 +0200, Jarno Huuskonen escribió:
> Hi,
>
> On Mon, Dec 12, Ricardo Fraile wrote:
> > But the systemd execution is still a issue with the following unit:
> >
> > [Unit]
> > Description=HAProxy Load Balanc
at 11:55:44AM +, Ricardo Fraile wrote:
> > Hello,
> >
> > Finally I found a workaround. Generate a list with all the configuration
> > files with a script in a ExecStartPre unit option, load the list into a
> > enviroment variable and pass them to the haproxy
rt=/usr/local/sbin/haproxy-systemd-wrapper -p /run/haproxy.pid $CONF
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
[Install]
WantedBy=multi-user.target
4.- Refresh systemd and run it:
systemctl daemon-reload
systemctl restart haproxy.service
I hope that this help to someone.
Reg
Hello,
I'm trying to use the "--" option for load multiple files in a systemd
unit, using the following file:
[Unit]
Description=HAProxy Load Balancer
After=network.target
[Service]
ExecStartPre=/usr/local/sbin/haproxy -c -q -- /etc/haproxy/*
ExecStart=/usr/local/sbin/haproxy-systemd-wrapper -
Hello,
I try to limit the number of file descriptors using the variable
"LimitNOFILE" inside the following systemd unit:
[Unit]
Description=HAProxy Load Balancer
After=network.target
[Service]
ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/sbin/hapr
Hello,
When Haproxy is configured with persistence, delivering request along various
backends with something like:
...
cookie SERVER insert maxidle 60m maxlife 180m indirect
server web1 192.168.1.50:80 cookie A check inter 5s fastinter 1s downinter 1s
rise 2 fall 2
server web2 192.168.1.51:80
mit_x_user_id sc0_http_req_rate gt 1 # limit to one request per
>second / per user
>
>The acl to drop the connection is:
>
> http-request if { limit_x_user_id }
>
>KEYWORD can be:
>
> "tarpit" if you want to slow down this user
> "redirect" if y
Hello,
I'm interested on it too.
Thanks,
Derivates", and
i can't release a valid configuration working with it in my test.
¿Is i tpossible to do that, match the first characters of the track header?
¿any example conf with hdr_beg running in a tcp-request line?
Thanks,
____
De:
." in the same place of "10.0.0.0/8"
but nothing.
Thanks,
________
De: Baptiste
Para: Ricardo Fraile
CC: "haproxy@formilux.org"
Enviado: Sábado 8 de junio de 2013 8:40
Asunto: Re: Block clients based on header in real time?
Hi Ricardo,
Actu
ar is this message in the list:
http://comments.gmane.org/gmane.comp.web.haproxy/9938 but the problem is that
there the ip of the client is inside a header.
Thanks,
- Mensaje original -
De: Ricardo Fraile
Para: "haproxy@formilux.org"
CC:
Enviado: Jueves 30 de Mayo de 2013 12:
ks,
- Mensaje original -
De: Baptiste
Para: Ricardo Fraile
CC: "haproxy@formilux.org"
Enviado: Miércoles 29 de Mayo de 2013 14:51
Asunto: Re: Block clients based on header in real time?
Hi,
With latest HAProxy version, you could use a stick table and insert
IPs in the stick tabl
Hello,
I'm looking for a solution for blocking users based on a header,
x-forwarded-for. I have yet an acl for this but is it possible to update the
list of ips without restart haproxy?
Thanks,
Hello,
I have written these days several plugins to monitor almost all variables
in the Haproxy csv with Munin. I know that there are already some but I didit
in bash for particular reasons.
Depend of the Munin configuration, the plugins can use http or unix sockets
for request the csv
Great!
Thanks Willy,
De: Willy Tarreau
Para: haproxy@formilux.org
Enviado: Martes 4 de septiembre de 2012 1:37
Asunto: HAProxy with native SSL support !
Hi all,
today is a great day (could say night considering the time I'm posting) !
After several months
41 matches
Mail list logo
