Re: HTTP/2 Denial of Service Advisory

2019-08-14 Thread Willy Tarreau
Hi again, small update on this below. On Tue, Aug 13, 2019 at 10:50:46PM +0200, Willy Tarreau wrote: > Hi Aleks, > > On Tue, Aug 13, 2019 at 07:02:49PM +, Aleksandar Lazic wrote: > > Have anyone seen this and maybe some information is haproxy vulnerable > > against this attacks? > > > >

Haproxy 2.0.4 - HTTP/2 on stats page prevents actions

2019-08-14 Thread Marco Corte
Hi. Environment: - Ubuntu 18.04 - Haproxy 2.0.4 from vbernat repository I found a strange behaviour of the statistics page if when alpn h2,http/1.1 is in the "bind" line of the statistics like: frontend stats-http mode http option httplog bind 10.64.69.192:443 alpn h2,http/1.1 ssl crt