On Mon, Mar 19, 2018 at 10:23:47PM +0100, Tim Düsterhus wrote:
> Willy,
>
> Am 19.03.2018 um 22:15 schrieb Willy Tarreau:
> > Looks like it indeed. By then there was no "http-request" ruleset
> > either. Maybe we could move it to a place where it's generated
> > earlier, or maybe we could ensure t
Willy,
Am 19.03.2018 um 22:15 schrieb Willy Tarreau:
> Looks like it indeed. By then there was no "http-request" ruleset
> either. Maybe we could move it to a place where it's generated
> earlier, or maybe we could ensure that it's computed on the fly
> when the associated sample fetch function is
On Mon, Mar 19, 2018 at 10:04:25PM +0100, Tim Düsterhus wrote:
> Willy,
>
> Am 19.03.2018 um 21:47 schrieb Willy Tarreau:
> > Simply because unique-id was created many years before the extensible
> > log-format ou know today existed, and that apparently nobody felt the
> > need to port it. It may
Willy,
Am 19.03.2018 um 21:47 schrieb Willy Tarreau:
> Simply because unique-id was created many years before the extensible
> log-format ou know today existed, and that apparently nobody felt the
> need to port it. It may be as simple as creating a few sample fetches,
> I don't know.
This was mo
On Mon, Mar 19, 2018 at 09:40:01PM +0100, Tim Düsterhus wrote:
> As a side question: Why do I have to do unique-id-header, instead of
> http-request set-header for the unique request ID? And why can't I
> capture it with capture (request|response) header but instead have to
> plug into manually int
Willy,
Am 19.03.2018 um 11:54 schrieb Willy Tarreau:
>> This issue prevents me from submitting one domain to the HSTS preload
>> list, as I need to perform a redirect on the zone's apex and that
>> redirect does not include the HSTS header.
>
> I *suspect* that in the end we could simply add a se
Hi Tim,
On Tue, Mar 13, 2018 at 12:37:44AM +0100, Tim Düsterhus wrote:
> Willy,
>
> I'd like to bring this issue to your attention again, possibly you are
> able to find a solution for haproxy 1.9?
I hope so, but we'll need to be sure that someone is assigned to this,
otherwise I'll keep being b
Willy,
I'd like to bring this issue to your attention again, possibly you are
able to find a solution for haproxy 1.9?
This issue prevents me from submitting one domain to the HSTS preload
list, as I need to perform a redirect on the zone's apex and that
redirect does not include the HSTS header.
Hi Thierry,
On Sun, Feb 26, 2017 at 07:02:52PM +0100, thierry.fourn...@arpalert.org wrote:
> Haproxy can't add header to a redirect because redirect is a final
> directive. After executing the redirect no more action are executed.
We really need to think about it for the short term future because
Hi Igor,
Am 26.02.2017 um 23:19 schrieb Igor Cicimov:
|I don't see how is the hsts header being inserted in the redirect?|
||
You right, it doesn't. May bad, I didn't read the article properly.
However the example in the email from Thierry should do the trick; I
thought the article does th
On 27 Feb 2017 9:19 am, "Igor Cicimov"
wrote:
Hi Lukas,
On 27 Feb 2017 5:53 am, "Lukas Tribus" wrote:
Hi,
Am 26.02.2017 um 19:02 schrieb thierry.fourn...@arpalert.org:
> Hi,
>
> If I understand, the 301 is produced by haproxy. If it is the case,
> there are an ugly soluce.
>
> Haproxy can'
Hi Lukas,
On 27 Feb 2017 5:53 am, "Lukas Tribus" wrote:
Hi,
Am 26.02.2017 um 19:02 schrieb thierry.fourn...@arpalert.org:
> Hi,
>
> If I understand, the 301 is produced by haproxy. If it is the case,
> there are an ugly soluce.
>
> Haproxy can't add header to a redirect because redirect is a
Hi,
Am 26.02.2017 um 19:02 schrieb thierry.fourn...@arpalert.org:
Hi,
If I understand, the 301 is produced by haproxy. If it is the case,
there are an ugly soluce.
Haproxy can't add header to a redirect because redirect is a final
directive. After executing the redirect no more action are exe
Hi,
If I understand, the 301 is produced by haproxy. If it is the case,
there are an ugly soluce.
Haproxy can't add header to a redirect because redirect is a final
directive. After executing the redirect no more action are executed.
The trick is to create a listen proxy dedicated for redirect,
I did it again, Sometimes I blame my tools but I wish google would reply to
all, all the time - Apologies Michael
Hello Bartek, Michael,
Actually on further reading what you are trying to do is incorrect
according to the URL at the end of my reply.
It's not possible for any browser that has ever
On Feb 26, 2017 12:14, "Andrew Smalley" wrote:
Hello Bartek
I think the portion of my example you wanted is below
In my example I have a redirect from http to https and as such there is a
acl force src if my local ip address
Here I add the HSTS and then redirect 301 as you wanted.
http-re
Sorry, forgot to include the list.
Please share your config so I can see what you are doing?
Regards
Andrew Smalley
Loadbalancer.org Ltd.
On 26 February 2017 at 17:32, Bartek Radziszewski
wrote:
> Andrew,
>
> Thanks for your answer. Just tested one more time your example and
> unfortunatel
Andrew,
Thanks for your answer. Just tested one more time your example and
unfortunately there is missing Strict-Transport-Security header during 301
redirect:
curl -I https://xxx.com/dupa
HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://www.xxx.com/dupa
Connection: close
Bar
Hello Bartek
I think the portion of my example you wanted is below
In my example I have a redirect from http to https and as such there is a
acl force src if my local ip address
Here I add the HSTS and then redirect 301 as you wanted.
http-response set-header Strict-Transport-Security
"max-
it's haproxy related.
How to add header info 301 redirect?
> On 26 Feb 2017, at 17:54, Andrew Smalley wrote:
>
> Hello Bartek
>
> I assumed it was haproxy related and as such my example will work. However I
> hope the link below helps you get going with NGINX
>
> https://www.nginx.com/blog/
Hello Bartek
I assumed it was haproxy related and as such my example will work. However
I hope the link below helps you get going with NGINX
https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
Regards
Andrew Smalley
Loadbalancer.org Ltd.
On 26 February 2017 at 16:47, B
Hi Andrew,
‘
Thanks for your answer. Unfortunately your example is not solving my issue.
I need to add header Strict-Transport-Security into 301 redirect - i made it
already on nginx:
curl -I https://www.xxx.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 26 Feb 2017 16:10:59 GMT
Con
Hello Bartek
I hope the example below helps with adding a http-response for HSTS /
Strict-Transport-Security
listen hsts_example
bind 192.168.0.231:80 transparent
mode http
http-response set-header Strict-Transport-Security
"max-age=15552000; includeSubDomains; preload;"
balance
23 matches
Mail list logo