Am Mi., 1. März 2023 um 11:49 Uhr schrieb Aurelien DARRAGON <
adarra...@haproxy.com>:
> > In the HAProxy configuration i'm using the FQDN name, and it seems
> > HAProxy is just using the short hostname.
> This seems to be true indeed, "localpeer" default value is retrieved
> thanks to gethostname(
Am Mi., 1. März 2023 um 10:49 Uhr schrieb Lukas Tribus :
> On Wed, 1 Mar 2023 at 10:09, bjun...@gmail.com wrote:
> >
> > Hi,
> >
> > i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS:
> Ubuntu 22.04). Now the stick-table synchronization be
Hi,
i've upgraded from HAProxy 2.4.15 (OS: Ubuntu 18.04) to 2.4.22 (OS: Ubuntu
22.04). Now the stick-table synchronization between peers isn't working
anymore.
The peers listener is completely not existing (lsof output).
HAProxy config:
peers LB
peer s017.domain.local 192.168.120.207:1234
Hi,
is HAProxy 2.0.x with "no option http-use-htx" also affected by
this vulnerability?
Best regards / Mit freundlichen Grüßen
Bjoern
Am Di., 7. Sept. 2021 um 17:30 Uhr schrieb Willy Tarreau :
> Hi everyone,
>
> Right after the previous announce of HTTP/2 vulnerabilities, a group
> of security
Am Sa., 13. Juni 2020 um 22:15 Uhr schrieb Willy Tarreau :
> Hi William,
>
> On Sat, Jun 13, 2020 at 03:13:06PM +0200, William Dauchy wrote:
> > Hi,
> >
> > On Thu, Jun 11, 2020 at 1:10 PM Willy Tarreau wrote:
> > > Sure but what I wanted to say was that travis seems to be the only
> > > point ex
Hi Christian,
i'm using the following (i don't know if you're asking for HTTP mode) when
i need to track multiple sample fetches:
frontend http
http-request set-header X-Concat %[req.fhdr(User-Agent)]_%[src]
http-request track-sc0 req.fhdr(X-Concat)
Best regards / Mit freundlichen Grüßen
Bj
Am Mittwoch, 17. Juni 2020 schrieb William Lallemand :
> Hello,
>
> On Wed, Jun 17, 2020 at 03:28:19PM +0300, tbn wrote:
> > Hello list,
> >
> >I saw William Lallemand's announcement regarding the possibility of
> > loading dynamic ssl certificates right here
> > https://www.mail-archive.com/h
Am Fr., 12. Juni 2020 um 16:02 Uhr schrieb Jerome Magnin :
> On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote:
> > Hi,
> >
> > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> >
> > I'm trying to get TLSv1 working (we need
Am Fr., 12. Juni 2020 um 15:38 Uhr schrieb bjun...@gmail.com <
bjun...@gmail.com>:
> Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus :
>
>> Hello Bjoern,
>>
>>
>> On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com
>> wrote:
>> >
>&g
Am Fr., 12. Juni 2020 um 15:24 Uhr schrieb Lukas Tribus :
> Hello Bjoern,
>
>
> On Fri, 12 Jun 2020 at 15:09, bjun...@gmail.com wrote:
> >
> > Hi,
> >
> > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> >
> > I'm trying to get
Hi,
currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14.
I'm trying to get TLSv1 working (we need this for some legacy clients), so
far without success.
I've read different things, on the one hand Ubuntu has removed
TLSv1/TLSv1.1 support completely, otherwise that it can be enabled:
http://cha
Am Do., 11. Juni 2020 um 15:00 Uhr schrieb Willy Tarreau :
> By the way if that helps I've re-added the records for
> {git,www}.haproxy.org. It will take one hour or so to propagate, but
> you'll be able to see if using IPv6 causes the same issue or not. I'd
> guess it would work better since
ards / Mit freundlichen Grüßen
Bjoern
Am Do., 11. Juni 2020 um 13:17 Uhr schrieb Willy Tarreau :
> On Thu, Jun 11, 2020 at 01:09:37PM +0200, bjun...@gmail.com wrote:
> > Hello Willy,
> >
> > just for clarity, it's not only port 80. I've looked at it, it's
Hello Willy,
just for clarity, it's not only port 80. I've looked at it, it's
definitely some issue/blocking within the travis infrastructure, routing
from GCE Cloud (us-east1) is fine.
Best regards / Mit freundlichen Grüßen
Bjoern
Am Do., 11. Juni 2020 um 12:23 Uhr schrieb Willy Tarreau :
> On
Hello Willy,
i have a Travis CI job that is pulling/cloning a repo from git.haproxy.org,
but unfortunately this isn't working anymore (i believe since May, 12).
Output Travis CI job:
$ ping -c 4 git.haproxy.org
PING ipv4.haproxy.org (51.15.8.218) 56(84) bytes of data.
--- ipv4.haproxy.org ping s
Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic :
> Hi Bjoern.
>
> On 18.01.20 14:02, bjun...@gmail.com wrote:
>
>> Am Samstag, 18. Januar 2020 schrieb Aleksandar Lazic > <mailto:al-hapr...@none.at>>:
>>
>> Hi.
>>
>> On 18.01
Hi,
i want to redirect the following (the value of the code param should be
rewritten):
abc.de/?v=1&code=1530&b=3-> abc.de/?v=1&code=6780&b=3
abc.it/?v=2&code=2400&b=2 -> abc.it/?v=2&code=7150&b=2
abc.fr ..
abc.se ..
.
.
When i don't use maps, i can accomplish the task with the foll
Am Fr., 17. Mai 2019 um 21:15 Uhr schrieb Tim Düsterhus :
>
> Willy,
>
> Am 23.12.18 um 21:20 schrieb Moemen MHEDHBI:
> > Hi,
> >
> > The attached patch adds the ssl_sni_check converter which returns true
> > if the sample input string matches a loaded certificate's CN/SAN.
> >
> > This can be usef
Am Sa., 29. Sep. 2018 um 20:18 Uhr schrieb Willy Tarreau :
>
> Hi Adis,
>
> On Thu, Sep 27, 2018 at 05:32:22PM +0200, Adis Nezirovic wrote:
> > On Thu, Sep 27, 2018 at 04:52:29PM +0200, Thierry Fournier wrote:
> > > I Adis,
> > >
> > > Sorry for the delay, I processed a quick review, and all seems
Hi,
i'm currently experimenting with "http-request set-src". When i use it
in a backend with PROXY Protocol configured, it's working and the IP
is written in the PROXY protocol header.
But what does "set-src" do if no PROXY Procotol is used/can be used?
Is the "http-request set-src" feature onl
2018-07-31 17:56 GMT+02:00 James Brown :
> I think if you use the `http-request set-src` directive it'll populate the
> PROXY headers in addition to the internal logging &c.
>
> On Fri, Jul 27, 2018 at 7:05 AM bjun...@gmail.com wrote:
>>
>> Hi,
>>
>>
Hi,
is there any possibilty to modify the client ip in the PROXY Protocol
header before it is send to a backend server?
My use case is a local integration/functional testing suite (multiple local
docker containers for testing the whole stack - haproxy, cache layer,
webserver, etc.).
I would like
Hi,
we want to roll-out 1.7.8 in production (upgrading from 1.6.8).
While preparing the update (reading changelog/mailinglist/git log,
searching for known issues etc.), i stumbled upon this:
https://www.mail-archive.com/haproxy@formilux.org/msg26282.html
I don't know if i'm interpreting "TUNNE
2017-08-01 10:47 GMT+02:00 Thierry Fournier :
>
>> On 31 Jul 2017, at 22:41, bjun...@gmail.com wrote:
>>
>> Hi,
>>
>> i'm experimenting with some Lua code in HAProxy where i need a simple
>> key/value store (not persistent). I want to avoid Redis or o
Hi,
i'm experimenting with some Lua code in HAProxy where i need a simple
key/value store (not persistent). I want to avoid Redis or other external
dependency.
Is there some sort of shared memory segment in HAProxy Lua integration that
can be used? (or is it possible to access HAProxy stick-table
Hi,
i've an issue that was already posted some time ago (i'm using HAProxy
1.7.8):
https://discourse.haproxy.org/t/core-msleep-not-working-in-
http-resp-http-response
It seems that sleep is completely ignored, but the connection hangs as long
as the value in "timeout connect".
---
2017-07-29 16:57 GMT+02:00 Charlie Elgholm :
> Ok, but anyhow, this actually means that I can use http-response to do
> something on the response. That's good. I'll play with it for a while on my
> dev-server. Nice!
>
> Version can be upgraded, of course, if I can just motivate it! :)
>
> Den 29 ju
Hi,
i would like to implement a circuit breaker functionality with the help of
HAProxy.
For example, if the average response time of the http requests of a backend
server is above a certain threshold in the last x seconds, trip the circuit
breaker for a period of x seconds (respond with 503 and/o
Am Freitag, 5. August 2016 schrieb CJ Ess :
> So I know I can use Haproxy to send 429s when a given request rate is
> exceeded.
>
> I have a case where the "user" is mostly screen scrapers and click bots,
> so if I return a 429 they'll just turn around and re-request until
> successful - I can't e
2016-02-10 8:17 GMT+01:00 Willy Tarreau :
> On Tue, Feb 09, 2016 at 06:10:01PM +0100, bjun...@gmail.com wrote:
> > Hi,
> >
> > i'm currently testing 1.6.3 and request body logging. I'm wondering that
> > logging of req body even works without setting "
Hi,
i'm currently testing 1.6.3 and request body logging. I'm wondering that
logging of req body even works without setting "option
http-buffer-request". Also "no option http-buffer-request" seems to have no
effect.
Is this intended or have i missed something?
simplified config:
frontend f
Hi,
when a healthcheck ("fall 2") on a backend server is failing, the status of
the backend is changing to "DRAIN 1/2" (I do not manually set the DRAIN
state nor do i have agent-check's)
Does that mean that for the period till the next healthcheck, the server is
completely removed from load bala
2015-12-02 17:31 GMT+01:00 Olivier Doucet :
>
>
> 2015-12-02 17:25 GMT+01:00 Olivier Doucet :
>
>>
>> 2015-12-02 15:44 GMT+01:00 Michel Blanc :
>>
>>> Very good idea.
>>>
>>> Do you plan creating a git repo somewhere so people can contribute
>>> and/or create issues ?
>>>
>>> You might be interest
2015-09-11 10:55 GMT+02:00 Baptiste :
> On Fri, Sep 11, 2015 at 10:41 AM, Tim Verhoeven
> wrote:
> > Hello everyone,
> >
> > I'm mostly passive on this list but a happy haproxy user for more then 2
> > years.
> >
> > Now, we are going to migrate our platform to a new provider (and new
> > hardwar
2015-07-21 6:59 GMT+02:00 Vincent Bernat :
> ❦ 21 juillet 2015 00:55 +0200, thierry.fourn...@arpalert.org :
>
>> On my computer (debian), the classic command line build used on the
>> last dev version with your patch uses the -ldl two times:
>>
>>make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1
2015-07-22 9:41 GMT+02:00 Baptiste :
> On Mon, Jul 20, 2015 at 8:19 PM, bjun...@gmail.com wrote:
>> 2015-07-13 18:07 GMT+02:00 bjun...@gmail.com :
>>> Hi,
>>>
>>> i'm using stick-tables to track requests and block abusers if needed.
>>> Abusers
2015-07-13 18:07 GMT+02:00 bjun...@gmail.com :
> Hi,
>
> i'm using stick-tables to track requests and block abusers if needed.
> Abusers should be blocked only for a short period of time and i want a
> stick-table entry to expire.
>
> Therefore, i have to check if the c
2015-07-16 21:04 GMT+02:00 Vincent Bernat :
> ❦ 13 juillet 2015 19:58 +0200, Vincent Bernat :
>
>> I suppose that either -ldl could be added to OPTIONS_LDFLAGS append,
>> like this is done for -lm. Or USE_DL section could be moved towards the
>> end. I think the first solution is better since lib
Hi,
i'm trying to build HAProxy 1.6 (git HEAD) with Lua (5.3.1) on Ubuntu 14.04.
This was my first try:
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=yes
LUA_LIB=/opt/lua53/lib/ LUA_INC=/opt/lua53/include/ LDFLAGS=-ldl
resulting error:
.
.
.
gcc -ldl -o haproxy src/hap
Hi,
i'm using stick-tables to track requests and block abusers if needed.
Abusers should be blocked only for a short period of time and i want a
stick-table entry to expire.
Therefore, i have to check if the client is already marked as an
abuser and do not track this client.
example config:
f
Hi,
is there any workaround if updating to 1.5.14 isn't possible
immediately (for ex. disable http pipelining?)
---
Best Regards / Mit freundlichen Grüßen
Bjoern
Hi Holger,
"tcp-response content track- / http-response track-" would be a nice
feature, don't know if this is on the roadmap.
For the moment i can only imagine the following (needs HAProxy 1.6):
http-response lua script.lua
Within this Lua function, you check the http response code and
upd
000))
end
-
---
Bjoern
2015-06-19 19:37 GMT+02:00 PiBa-NL :
> try it with: math.rand(1000)
>
> bjun...@gmail.com schreef op 19-6-2015 om 14:15:
>
>> Hi,
>>
>>
>> i've tried Thierry's example:
>>
>>
>>
>> f
Hi,
i want to delay specific requests and i want to have a random delay
for every request (for example in a range from 1000ms - 2000ms)
As an ugly hack, you can use the following (with a static value):
tcp-request inspect-delay 2000ms
tcp-request content accept if WAIT_END
I think i can ac
Hi,
i would like to redirect the following urls with HAProxy:
www.example.at.prod.site.local -> m.example.at
www.example.de.prod.site.local -> m.example.de
.
.
.
.
apache mod_rewrite-rule:
RewriteCond %{HTTP_HOST} ^(www\.)?example\.([a-z]{2,3}).prod\.site\.local$ [NC]
RewriteRule ^/(.*)$
2014-09-04 14:33 GMT+02:00 bjun...@gmail.com :
> Hi,
>
>
> i'm using the following in a backend to rate-limit spider or bad
> behavior clients:
>
>
> backend be_spider
>
> tcp-request inspect-delay 2000ms
> tcp-request content accept if WAIT_END
Hi,
i'm using the following in a backend to rate-limit spider or bad
behavior clients:
backend be_spider
tcp-request inspect-delay 2000ms
tcp-request content accept if WAIT_END
server node01 192.168.1.10:80 maxconn {LOWVALUE}
If now an abuser/spider/crawler is making many reque
2014-09-03 11:36 GMT+02:00 Baptiste :
>>>
>>>
>>> Hi,
>>>
>>>
>>> it's working now with the following "workaround" (config simplified):
>>>
>>>
>>>
>>> frontend http_in_01
>>>
>>> bind 0.0.0.0:80
>>>
>>> http-request set-header X-Concat
>>> %[req.fhdr(User-Agent)]_%[req.fhdr(host)]
>>>
2014-08-25 18:58 GMT+02:00 bjun...@gmail.com :
> 2014-08-20 19:33 GMT+02:00 bjun...@gmail.com :
>> 2014-08-18 18:49 GMT+02:00 Emeric Brun :
>>> On 08/18/2014 05:49 PM, Baptiste wrote:
>>>>
>>>> On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com
>
2014-08-20 19:33 GMT+02:00 bjun...@gmail.com :
> 2014-08-18 18:49 GMT+02:00 Emeric Brun :
>> On 08/18/2014 05:49 PM, Baptiste wrote:
>>>
>>> On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com
>>> wrote:
>>>>
>>>> Hi,
>>>>
&
2014-08-18 18:49 GMT+02:00 Emeric Brun :
> On 08/18/2014 05:49 PM, Baptiste wrote:
>>
>> On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com
>> wrote:
>>>
>>> Hi,
>>>
>>> i was digging through some old threads:
>>>
>>>
>
Thanks Emeric, brilliant idea.
I will try this configuration.
---
Bjoern
2014-08-18 18:49 GMT+02:00 Emeric Brun :
> On 08/18/2014 05:49 PM, Baptiste wrote:
>>
>> On Sun, Aug 17, 2014 at 4:49 PM, bjun...@gmail.com
>> wrote:
>>>
>>> Hi,
>>
Hi,
i was digging through some old threads:
http://t53814.web-haproxy.webtalks.info/help-with-tcp-request-content-track-sc1-t53814.html
http://marc.info/?l=haproxy&m=139458469126719&w=2
I have the same requirement and want to track not only on src (source
ip), i want to concatenate src + hdr(Us
2014-08-07 1:16 GMT+02:00 Cyril Bonté :
> Hi Bjoern,
>
> Le 06/08/2014 22:16, bjun...@gmail.com a écrit :
>
>> Hi Mark,
>>
>> trying to test this one, but if i use the "frontend/backend"-syntax
>> (and not the "listen"-syntax) with "exte
2014-08-04 11:44 GMT+02:00 Mark Brooks :
> We have started doing some testing with the external health check
> functionality but unfortunately we cannot get the real servers to be
> marked as online when using this feature.
>
> This was tested with haproxy-ss-20140720
>
> When using the external ch
Hi folks,
I've a question regarding the ordering/processing of ACL’s.
Example (HAProxy 1.4.24):
frontend http_in
.
.
acl is_example.com hdr_beg(host) -i example.com
acl check_id url_reg code=(1001|1002|)
acl check_id url_reg code=(3000|4001|)
use_
Thanks Bryan,
i've got it now.
I missed that the query string isn't considered part of the *path*.
Best Regards,
Bjoern
2014-05-02 11:05 GMT+02:00 bjun...@gmail.com :
> Hi,
>
> i'm trying a basic redirect with HAProxy:
>
>
> frontend http
>
>
Hi,
i'm trying a basic redirect with HAProxy:
frontend http
acl is_domain hdr_dom(host) -i abc.example.com
acl root path_reg ^$|^/$
redirect location http://abc.example.com/?code=1234 code 301 if
is_domain root
Unfortunately this ends up in a redirect loop.
I suspect th
Hi Willy,
same problem as mentioned here:
http://comments.gmane.org/gmane.comp.web.haproxy/7172
I've tried for three days in a row.
P.S.: 1.5-dev22 is not linked on the front page, is this intended ?
---
Bjoern
I'm using 1.4.24.
I've tested some cases in the meantime, but these tests don't give a clear
answer.
Anybody an idea ?
2013/6/26 bjun...@gmail.com
> Hi folks,
>
> i've a question regarding "use_backend" and how conditions are processed.
>
>
>
Hi folks,
we want to use http keep-alive + content-switching with HAProxy.
I would like to ask if it's safe to use content-switching with http
keep-alive when we use "option http-server-close" ?
We want to use content-switching with standard matching criteria's (
hdr_dom(host), url_reg ).
Hi folks,
i've a question regarding "use_backend" and how conditions are processed.
My Example:
frontend http_in_01
bind 1.2.3.4:80
log global
option httplog
capture request header Host len 32
capture request header User-Agent len 200
reqidel ^X-F
everybody will be aware that
> the issue is not related to HAProxy
>
> cheers
>
>
>
> On Fri, Sep 28, 2012 at 3:15 PM, bjun...@gmail.com
> wrote:
> > Hi,
> >
> > thanks Baptiste, you were right.
> >
> >
> > apache error logs:
> >
> &g
63 matches
Mail list logo