Hello everyone,
The vulnerability scanner has flagged the stats page as being vulnerable to
clickjacking. I am trying to fix this, by publishing the stats on its own
frontend and add a header:
frontend stats
bind 10.11.12.13:9000
stats enable
stats uri /stats
stats refresh 10s
#rspadd X-Fr
Hello,
Is there a way to log requests that match the given ACL (and only that
ACL) ? I know I can capture headers by ACL but I can't seem to find any
way to do that for whole log entries.
Cheers
Mariusz
Mariusz,
Am 18.06.20 um 12:59 schrieb Mariusz Gronczewski:
> Is there a way to log requests that match the given ACL (and only that
> ACL) ? I know I can capture headers by ACL but I can't seem to find any
> way to do that for whole log entries.
>
Use http-response set-log-level silent. See:
htt
Hi,
On Thu, 2020-06-18 at 10:06 +0300, Cristian Grigoriu wrote:
> Hello everyone,
>
> The vulnerability scanner has flagged the stats page as being vulnerable
> to clickjacking. I am trying to fix this, by publishing the stats on its
> own frontend and add a header:
>
> frontend stats
> bind 10
Hi Jarno,
Thank you for your workaround, it works!
Here's the output of my haproxy -vv command:
HA-Proxy version 1.7.5-2 2017/05/17
Copyright 2000-2017 Willy Tarreau
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-2
Cristian,
Am 18.06.20 um 15:20 schrieb Cristian Grigoriu:
> Thank you for your workaround, it works!
>
> Here's the output of my haproxy -vv command:
>
> HA-Proxy version 1.7.5-2 2017/05/17
You really should upgrade to HAProxy 1.7.12 at the very least:
http://www.haproxy.org/bugs/bugs-1.7.5.htm
Hi Tim,
You are right, I'm running an outdated version. There are plans to upgrade to
the latest version soon.
Thank you for the example, I learned something new today.
Best regards,
Cristian Grigoriu
> On Jun 18, 2020, at 16:43, Tim Düsterhus wrote:
>
> Cristian,
>
> Am 18.06.20 um 15:20 s
7 matches
Mail list logo