varnish02 10.27.121.241:80 check
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
the 408.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
]: 10.46.10.145:58872
[18/Feb/2014:14:46:02.455] example.dk .dk/NOSRV -1/-1/30 212 cR
1/1/0/0/0 0/0
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
or anything.
I can reproduce it by pressing f5 (a few times in a row) in my browser
(firefox) and IE.
I cannot reproduce it in chromium.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly
.
Regards,
Lukas
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
should make a choice (or use option http-keep-alive in recent
haproxy 1.5 dev versions).
- the balance keyword is not valid in a frontend section.
- you should avoid the use of stats enable in the defaults section.
my bad - I've removed that.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http
to httplog.
when I get the 408 - I see nothing but 200 and 304 returncodes in the logs.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
httpclose from your configuration and let us
know when it's done ?
I had already removed it. I found a option http-server-close that I
missed, which I've removed now.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix
and timesync is disabled:
# vmware-toolbox-cmd timesync status
Disabled
Klavs Klavsen said the following on 02/20/2014 11:06 AM:
Lukas Tribus said the following on 02/20/2014 10:16 AM:
Hi,
Can you tell us more about this server? What OS is running? Any firewalls
(software or hardware)? Any
errors.
Please always respond the the mailing list as well.
I didn't want to send attachments to the list.. so it should only be
those that didn't get send to the list (and I should probably just have
send the attachment off-list and not the entire email). sorry.
--
Regards,
Klavs Klavsen
the script to test timejumps in a second :)
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
copy
pasted both the patches below, so you'll have to copy the lines or they won't
apply due to mangled spaces.
I'll apply the patch and build a new rpm.. will return back later today.
Thank you very much for your assistance.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http
/jquery.fitvids.js HTTP/1.1
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
starting
with Timeout detected: ).
I'll do that and come back.
--
Best regards,
Klavs Klavsen, Cell 61281200
it - where the loadbalancer simply forwards the packages using MAC
address, and the source ip stays the clients ip.. but I'd like to use
haproxy - as I have most experience with that.
Can anyone shed some light on how that part works?
Thank you in advance
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk
to the expected load.. (they want to
connect different boxes, mobile phones etc. to this xmpp setup).
I'll have to start somewhere, and then I'll have to figure out how to
test simulate this load in some way - before I hit this limit in
production :)
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http
response codes
X times (or just until all backends have been tried) ?
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
I'm definetely missing something.. ?
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
dooh.. point to correct file and things work.. :)
Klavs Klavsen said the following on 09/19/2014 02:18 PM:
Hi,
I'm running haproxy01 and trying to make this new map feature work, but
I get this error:
[ALERT] 261/141604 (29621) : Proxy 'cachebackend': unable to find
required use_backend
.. :)
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
http response codes
X times (or just until all backends have been tried) ?
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
JCM said the following on 09/26/2014 11:46 AM:
On 25 September 2014 14:47, Klavs Klavsen k...@vsen.dk wrote:
Any way to make haproxy retry requests with certain http response codes
X times (or just until all backends have been tried) ?
Nope. You really don't want to do this. And I'd be sad
ohh- and if I were concerned about that.. one could just make it so one
haproxy would only retry GETs.. not POSTS..
JCM said the following on 09/26/2014 11:46 AM:
On 25 September 2014 14:47, Klavs Klavsen k...@vsen.dk wrote:
Any way to make haproxy retry requests with certain http response
X-SSL %[ssl_fc]
and was wondering if we could somehow make haproxy set a header with the
group the user is in and/or (preferrably both :) the username that is
logged in ?
So we do not have to have http-auth files litterede around on servers
behind haproxy :)
--
Regards,
Klavs
use_backend pbutik-pre if is_pbutikken_pre
use_backend pbutik-prod if is_pbutikken
use_backend pbutik-test if is_pbutikken_test
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry
setup) how many are
enabled in it's webcluster, and if enough are available - it simple
removes the enable file - and the server is taken out.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly
requests to it.
It's quite easily noticed, and since we peak at 1500 req/s on a daily
basis - a lot of requests can reach the faulty backend, before it's
pulled out by a health check.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand
the reason
for the problem.
Thank you for the video.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
..
I realize it's obviously not an itch that's scratching for anyone
currently.. but is there already a feature request somewhere on this, or
can I file one? :)
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned
wrote on 02/05/2015 01:28 PM:
Hi,
On Thu, Feb 05, Klavs Klavsen wrote:
Hi guys,
I'm testing our haproxy setup in regards to SSL performance - by
simply using ab, and fetching a favicon.ico file..
over http haproxy delivers 3.000 req/s.
over https haproxy delivers 511 req/s.
I tried giving
that for each of the 4 stats editions -
before it's actually active or is that state shared among them all?
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
Jarno Huuskonen wrote on 02/05/2015 01:28 PM:
Hi,
On Thu, Feb 05, Klavs Klavsen wrote:
Hi guys,
I'm testing our haproxy setup in regards to SSL performance - by
simply using ab, and fetching a favicon.ico file..
over http haproxy delivers 3.000 req/s.
over https haproxy delivers 511 req/s
running on vmware 5.5 on local hardware - nowhere else to go :(
If I set haproxy to just send a 301 response (ie. not relay to varnish
delivering the favicon.ico) - I get approx 15k req/s..
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do
across two endpoints.
It's definetely a risky way to go, unless you are very up2snuff on OSPF,
TCP and networking in general.. :)
always nice to learn about ECMP though.. I've only seen anycast.. that's
super cool.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf
is inresponsive.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
it in the same datacenter as well..
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
Can I perhaps do something like:
tcp-request content track-sc2 hdr(X-Forwarded-For)
acl conn_limit_hit sc2_conn_cur gt 2
?
Klavs Klavsen wrote on 03/24/2015 01:11 PM:
Hi,
We would like to limit how many connections a given IP can send to our
backend.
Our setup is like this:
haproxy
to the server when I set the
block.. :(
So when I have 3 backends - behind the same frontend, I have
Jarno Huuskonen wrote on 03/24/2015 02:23 PM:
Hi,
On Tue, Mar 24, Klavs Klavsen wrote:
#create a stick-table of 30 IPs for storing active IPs, 5 minute timeout
stick-table type ip size 30 expire 5m
I tried
acl allowed sc2_conn_cur lt 2
block unless allowed
it blocked every access :(
Klavs Klavsen wrote on 03/24/2015 01:19 PM:
Can I perhaps do something like:
tcp-request content track-sc2 hdr(X-Forwarded-For)
acl conn_limit_hit sc2_conn_cur gt 2
?
Klavs Klavsen wrote on 03/24/2015
option accept-invalid-http-reques
stick store-request hdr(X-Forwarded-For)
stick-table type string len 20 expire 5m store gpc0
tcp-request content track-sc2 hdr(X-Forwarded-For)
Jarno Huuskonen wrote on 03/24/2015 02:23 PM:
Hi,
On Tue, Mar 24, Klavs Klavsen wrote:
#create
,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
-forwarded-for header?
[CUT]
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
Those who do not understand Unix are condemned to reinvent it, poorly.
--Henry Spencer
matches hosts like hest.kk.dk :(
He changed the first: hdr_end(host) to just hdr(host) - and it worked as
it should..
it seems if you use hdr_end on first match- that is used on the rest
even though it shouldn't ?
We're running haproxy 1.5.11 on those boxes.
--
Regards,
Klavs Klavsen, GSEC - k
Hi Cyril,
Thank you for enlightening me.. we'll correct that mistake :)
Cyril Bonté wrote on 02/24/2015 09:20 AM:
Hi Klavs,
Le 24/02/2015 08:56, Klavs Klavsen a écrit :
Hi guys,
A colleague just found an issue last night, where this acl:
acl is_kk-dk hdr_end(host) -i kkdk3.testkkdk.kk.dk
:0
Klavs Klavsen wrote on 04/14/2015 08:49 AM:
Hi Baptiste,
Thank you very much for your help.
Unfortunately it didn't work.. I tried this:
frontend kms-ds-nocache
bind x.x.x.x:80
mode http
balance roundrobin
default_backend kms-ds-backend
option httplog
option accept
.
the conf above uses the 'tcp-request content' instead, and to be sure
we'll find the header, I've added the inspect delay which accept the
request once the buffer is confirmed to contain HTTP.
Baptiste
On Tue, Apr 7, 2015 at 12:33 PM, Klavs Klavsen k...@vsen.dk wrote:
Back from easter vacation
track-sc1' : fetch method 'hdr(X-Forwarded-For)'
extracts information from 'HTTP request headers,HTTP response headers',
none of which is available here
I took the example from
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
:(
--
Regards,
Klavs
.. which could substract
the first part ^\/([^/])\/ - and then use \1 to match in map file..
But perhaps the map_reg isn't that expensive?
Klavs Klavsen wrote on 01/28/2016 03:39 PM:
Hi guys,
I figured I could use map feature of 1.5, but I'm coming up short,
trying to change this:
use_backend
"something like" regrep instead of hdr(host)?
Klavs Klavsen wrote on 01/26/2016 02:53 PM:
Hi guys,
we have a long list of backends (want to monitor each application on a
tomcat behind us) - and would like to use part of the url ( first part
between / / ) to identify the backend (
the haproxy 1.5 docs..
I was hoping any of you had some hints :)
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
50 matches
Mail list logo