Willy,
Am 11.09.20 um 08:07 schrieb Willy Tarreau:
> On Fri, Sep 11, 2020 at 01:55:10PM +1000, Igor Cicimov wrote:
>> Should we be worried?
>>
>> https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
>
> But this stuff is total non-sense. Basically the guy is
Hi Ionel,
On Fri, Sep 11, 2020 at 08:35:58AM +0200, Ionel GARDAIS wrote:
> Hi Willy,
>
> Being devil's advocate : isn't the point that even if this is a documented,
> standardized and intended behavior, users relying on the reverse proxy for
> security/sanity checks could by tricked by this featu
On Fri, Sep 11, 2020 at 02:52:30AM -0400, John Lauro wrote:
> I could be wrong, but I think he is stating that if you have that
> allowed, it can be used to get a direct connection to the backend
> bypassing any routing or acls you have in the load balancer, so if you
> some endpoints are blocked,
On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
> According to the article performing a h2c upgrade via TLS is not valid
> according to the spec. HAProxy implements the H2 spec.
"according to the article" :-) There's no such mention in the spec
itself from what I remember, it's just
Willy,
Am 11.09.20 um 09:42 schrieb Willy Tarreau:
> On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
>> According to the article performing a h2c upgrade via TLS is not valid
>> according to the spec. HAProxy implements the H2 spec.
>
> "according to the article" :-) There's no suc
On Fri, Sep 11, 2020 at 09:56:21AM +0200, Tim Düsterhus wrote:
> Willy,
>
> Am 11.09.20 um 09:42 schrieb Willy Tarreau:
> > On Fri, Sep 11, 2020 at 09:02:57AM +0200, Tim Düsterhus wrote:
> >> According to the article performing a h2c upgrade via TLS is not valid
> >> according to the spec. HAProxy
Willy,
[keep this email in CC, it's not subscribed to the list]
"either() takes a boolean as input and returns one of the two argument
strings depending on whether the boolean is true."
Find the full details in the attached patch.
---
We've had a bit of discussion regarding the naming of the c
On 09/11/2020 03:56 PM, Tim Düsterhus, WoltLab GmbH wrote:
We've had a bit of discussion regarding the naming of the converter. I
wanted to avoid calling it `if`, because then we could have stuff like this:
http-request set-var(txn.foo) bool(1),if(bar,baz)
which can easily be confused with:
Hi guys,
First, I really like the feature, that's a great idea.
On Fri, Sep 11, 2020 at 04:28:31PM +0200, Miroslav Zagorac wrote:
> On 09/11/2020 03:56 PM, Tim Düsterhus, WoltLab GmbH wrote:
> > We've had a bit of discussion regarding the naming of the converter. I
> > wanted to avoid calling it
Willy,
Am 11.09.20 um 16:46 schrieb Willy Tarreau:
> First, I really like the feature, that's a great idea.
:-)
>>> - choice (my initial choice)
>>> - ifor / if_or
>>> - ifelse / if_else
>>> - iftrue (with the argument being optional)
>>
>> Maybe something like this would be appropriate (IIF)?
On Fri, Sep 11, 2020 at 04:55:45PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> I consider 'iif' a bit obscure. It easily looks like a typo. Similar to
> 'iff' for 'if and only if' which tends to generate a number of questions
> as well.
I agree but others possibly know it and we should not conside
Hello all,
there is a small typo in the patch, if says 'iff' instead of 'iif':
---
+ Example:
+http-request set-header x-forwarded-proto %[ssl_fc,iff(https,http)]
---
--
Zaga
What can change the nature of a man?
Miroslav,
Am 11.09.20 um 17:10 schrieb Miroslav Zagorac:
> there is a small typo in the patch, if says 'iff' instead of 'iif':
>
> ---
> + Example:
> + http-request set-header x-forwarded-proto %[ssl_fc,iff(https,http)]
> ---
>
Fun. I didn't receive your reply on company mail. I only got it
Hi all,
Hoping you can help me with this query. I have a selection of micro-backends
deployed per customer as containers on Amazon ECS. These customers each have a
public hostname they use to access their respective micro-backend.
Currently we are using Amazon’s ALB to dispatch to these service
Hi,
HAProxy 2.3-dev4 was released on 2020/09/11. It added 89 new commits
after version 2.3-dev3.
Some might have noticed that we missed the previous dev released two weeks
ago. The fact is that I've been trying hard to attack a deeply rooted old
crap that's been there for more than a decade, and
On Fri, Sep 11, 2020 at 05:19:26PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> Fun. I didn't receive your reply on company mail. I only got it from the
> list using my personal subscription. I hope this message threads properly.
Yep it does.
> Muscle memory is too strong :-/ I even used search an
Hello,
Haproxy is a great tool indeed. And as long as you are able to add some dynamic
template generation of haproxy config based on your own business logic I
believe you should be good.
You could leverage consul / consul-template and have the haproxy regenerates
bases on your business logic.
so, it is good time to adjust .gitignore :)
I also added commit message with explanation. I'm ok if you modify it by
your will.
чт, 10 сент. 2020 г. в 22:34, Willy Tarreau :
> Hi Ilya,
>
> On Thu, Sep 10, 2020 at 09:45:08PM +0500, ??? wrote:
> > ping :)
>
> Ah sorry, thanks for the remi
18 matches
Mail list logo