You need to collect it in you web server config log
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-10-06 20:52 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>:
> That’s interesting, as this is in the documentation:
>
>
>
> Note that in the HTTP farms profile, the HT
Hello,
in http farm, you can use x-forwarded-for to log real ip.
ZLB add it in http header
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-09-25 21:24 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>:
> Yeah, but I'm using SSL offloading, I'll lose that with that setup. I
>
Hello,
not sure to get what you want. If ZLB is in TCP mode, it does NOT know what
flow are inside and don't touch anything. So it's not going to add any http
header.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-04-05 13:50 GMT+02:00 Steffen Höhne <steffen.hoe...@jmc-software
Hello,
load balancer only split connections, nothing more.
You still have to update all your webservers.
You can use load balancer to shut each server before updating to avoid bad
connections
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-01-26 12:25 GMT+01:00 Derek Fowler <del.
I fixed issue through vi in config file, so I could start it.
Can you add it to dev request to allow edit of stopped farm?
I don't see any goal in blocking that
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-01-21 19:45 GMT+01:00 Emilio Campos <emilio.campos.mar...@gmail.
Looks like it's done (new interface)
Hope it didn't miss anything
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-01-21 19:47 GMT+01:00 Emilio Campos <emilio.campos.mar...@gmail.com>:
> Some code error in the postinst script into the zen package.
>
> Could you confir
You mean real client connection ? I have a lot of them, it stayed red any
way for days
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-01-21 19:43 GMT+01:00 Emilio Campos <emilio.campos.mar...@gmail.com>:
> Matt is right, HTTP profile need new conns in order to update the backend
to edit a stopped farm (http, https).
Regards,
Mathieu CHATEAU
http://www.lotp.fr
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Hello,
web interface admin password is reset to default while configuration is
kept for others things.
Regards,
Mathieu CHATEAU
http://www.lotp.fr
--
Site24x7 APM Insight: Get Deep Visibility into Application
yes vm and mac spoofing allowed.
I think that pound still send correctly request again when backend is back.
Just on zlb web interface which keep red.
Restartting affected service farm also put backend green
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2016-01-17 16:36 GMT+01:00 Matt
Hello,
glad to see it's now resolved. What is ip address of zen on private network?
Can you show us the complete table ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-11-25 1:07 GMT+01:00 Ernie Dunbar <maill...@lightspeed.ca>:
> I finally found it. I first flushed the
Hello,
no magic there..Check with tcpdump to see where packets are going or stopped
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-11-23 20:31 GMT+01:00 Ernie Dunbar <maill...@lightspeed.ca>:
> So you're able to use the public IP as the farm IP, and the private IPs
> as the
>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/www_access_log" proxy env=forwarded
This will also hide all check_http done by zen to check health
for 503 error, I guess it's a config er
rdialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-10-22 23:29 GMT+02:00 Anthony Hoppe <aho...@sjcourts.org>:
> Hello,
>
> I am trying to troubleshoot some performance issues with a cluster I have
> sitting behind a Zen Load Balancer pair. I'm trying to elimiate the loa
Hello,
standard info:
- zen version
- type of farm, with settings
- VM or physical
You said it's about a performance pb at the beginning, can you say more?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-10-23 1:36 GMT+02:00 Anthony Hoppe <aho...@sjcourts.org>:
>
I think it was on ZLB but not on front end servers.
Maybe I could also resolve this issue if enabling it also on ZLB (and so
activated everywhere)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-08-03 17:11 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
Hi Matt, thanks for your
this happening may help*
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-29 15:46 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
Try with ping. Some network devices requiere this kind of packets in order
to update the arp table.
El 29/07/2015 10:58, Matt . yamakasi@gmail.com
Is it only a layer2 or layer3 (routing) too ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-28 14:44 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
OK thanks for the update.
I see this happening on Cisco Switches, at this moment a 3030.
Cheers,
Matt
2015-07-28 14:38 GMT+02
I guess you mean for an http farm ?
Because for tcp farm it's present
I guess it's not related to community or not, just pound not able to limit
on http farm ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-28 20:35 GMT+02:00 James Doherty j...@jdoherty.net:
James M Doherty
happened
- a farm / backend is close to maximum number of connections
- Wan is down or xx% used (datalink)
- ...
I hope others will provide more ideas :)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-21 17:35 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com
do the trick, or join to cluster one node,
failover to it, and install other one to swap
Even the commercial edition doesn't seem to get new version, which I hope
is not a worrying signal
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-14 21:35 GMT+02:00 Christopher Young mexigaba
Hello,
if both active, it means they can't reach other node and think they are
alone.
What about mac address forging in VMware settings?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-07-11 11:24 GMT+02:00 Manuel Canseco mcans...@wtelecom.es:
Hello. I have a cluster on VMware 5.5
Hello,
thanks. When will this version be released?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-29 19:00 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
Hi Mathieu, it is a bug, solved in new community release.
Thanks!
2015-06-27 11:00 GMT+02:00 Mathieu Chateau
Hello,
any update Emilio ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-24 9:21 GMT+02:00 Mathieu Chateau mathieu.chat...@lotp.fr:
#version ZEN
$version=3.05;
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-24 9:15 GMT+02:00 Emilio Campos emilio.campos.mar
#version ZEN
$version=3.05;
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-24 9:15 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
Mathieu? What version are you working with?
cat /usr/local/zenloadbalancer/config/global.conf | grep version
it sounds like a old bug
Hello,
any VRRP/cluster ? Maybe switch see mac address twice and block port?
If zen is stopped on node, do you loose also network?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-23 1:53 GMT+02:00 Anthony Hare h...@epcits.com:
Hello,
I have a test box that I am running ver 3.05
You unsubscribe from here:
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-17 21:27 GMT+02:00 David Byrne david.by...@vooservers.com:
How do I unsubscribe from this list?
Best Regards,
*Dave Byrne*
*Head
,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-17 20:58 GMT+02:00 Gruber Alexander alexander.gru...@az-druck.de:
Hi,
a quick howto for pund and openssl upgrade.
First Upgrade to debian wheezy
http://sysadminosaurus.blogspot.de/2014/07/zen-load-balancer-303-perfomance-and.html
*Install
://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
)POODLE (TLS)No (more info
https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-17 12:49 GMT+02:00 Emrah DALGIÇ emrah.dal
Do you have version 3.0.5 for Zen ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-17 13:21 GMT+02:00 Emrah DALGIÇ emrah.dal...@hititcs.com:
Hello,
I am testing on same page and result is below:
*This server is vulnerable to the POODLE attack. If possible, disable SSL
3
Hello,
to disable ssl v3 and get the highest security, set this custom cipher
ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
TLS v1.2 is not available as it's linked to openssl and we are stuck with
old one.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-17
mail ports / load balanced one
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-15 23:38 GMT+02:00 Ernie Dunbar maill...@lightspeed.ca:
So I'm having a little trouble getting L4xNAT working. Keep in mind that
I'm using our failover server for testing, which currently exists on a
public
Hello,
I think you can use iptables to log all connections, and then forward it
through syslog or so to somewhere else.
But only useful for analyzing over time, not real time decision (like smtp
gray listing)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-15 21:59 GMT+02:00 Dave
to survive smtp server failure in the whole
internet.
Tcpdump wouldn't be useful as you need the true IP in realtime to block
smtp connection and not accept it at all. Also needed for grey listing.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-15 16:44 GMT+02:00 Emilio Campos
Hello,
if it's 443 and so https or even http, zen is adding an item in http header
with real ip X-Forwarded-For
I use it successfuly for my web server to log real remote ip.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-15 22:04 GMT+02:00 VELARTIS Philipp Dürhammer
p.duerham
Hello,
can you try only using one Exchange server in zen ? just to enforce
affinity.
Do you publish also OWA? Is it working ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-05 23:03 GMT+02:00 VELARTIS Philipp Dürhammer
p.duerham...@velartis.at:
Hi,
works like a charm
Hello,
on Exchange OA, did you enable SSL offloading ?
On Zen, did you enable session persistence ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-06-02 1:56 GMT+02:00 VELARTIS Philipp Dürhammer
p.duerham...@velartis.at:
Hi,
i tried to setup ZEN as a LB for Outlook Anywhere
Hello,
maybe you can NAT Zen ip address on firewall close to web server, so reply
will go back to zen.
Client won't accept tcp/ip answer coming from another IP and source port
that the one they connect to (no match)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-29 4:54 GMT+02:00
Hello,
i think you should upload what's inside the zip, not zip itself.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-25 19:21 GMT+02:00 James Doherty j...@jdoherty.net:
I just tried to but an SSL certificate from SofIntel.
I think everythig went fine until I tried to upload
Yes as *.pem file I think this is what I did
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-25 19:42 GMT+02:00 James Doherty j...@jdoherty.net:
8726dac84715b.crt
sf_bundle-xxx-g1.crt
It rejected both?
Do I need to rename them to .pem or something else ?
James M Doherty
tooltip says so:
[image: Images intégrées 1]
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-25 20:37 GMT+02:00 Mathieu Chateau mathieu.chat...@lotp.fr:
Yes as *.pem file I think this is what I did
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-25 19:42 GMT+02:00
Hello,
By default you will get ssl offloading. Issue may be with page
content/javascript and redirection.
Link inside page must contains https even if the web server is receiving
connection from port 80/without ssl.
You will have to put a redirect, so user coming on port 80 from outside are
/James_M_Doherty_1.html
On Thu, May 21, 2015 at 9:04 AM, Mathieu Chateau mathieu.chat...@lotp.fr
wrote:
Hello,
By default you will get ssl offloading. Issue may be with page
content/javascript and redirection.
Link inside page must contains https even if the web server is receiving
Hello,
you are providing the answer yourself in the subject. Use
HTTP_X_FORWARDED_FOR instead of REMOTE_ADDR.
Rewrite Location headers is not needed to get it
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-20 14:01 GMT+02:00 James Doherty j...@jdoherty.net:
I have been trying
GUI. Editing conf
file manually then breaks GUI.
So you start with a bundle and end up doing everything yourself like if it
wasn't one.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-20 9:40 GMT+02:00 Kristian Marcroft kristian.marcr...@gmail.com:
Hi,
I'm not sure I have ever had
be a bad idea.
just my 2 cents
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-21 1:28 GMT+02:00 Christopher Young mexigaba...@gmail.com:
I will actually try and take a look at that. I'm a RHEL/CentOS guy
predominantly, but I will look into some minimal Ubuntu installs to test
Current version, at least community one (free) is using 32 bit debian. So
memory is not used as it should
I stick with VM, even with SSL sites
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-19 20:09 GMT+02:00 Mark Stephens mstephens1...@gmail.com:
I would like to know the hardware
Hello,
Vertical titles on graphs are truncated if longer than graph height:
[image: Images intégrées 1]
Just to report issue, i don't know if it's the good place. Would be
classified as minor I guess.
Regards,
Mathieu CHATEAU
http://www.lotp.fr
Which hypervisor are you using ? need to be sure VM can forge Mac address
and switches in the middle don't become crazy
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-17 15:05 GMT+02:00 Matt . yamakasi@gmail.com:
Anyone some idea about this ?
Doesn't happen at the moment
I am using VMware ESXi, so I am not aware of kernel issue.
My GUI is also really slow (on loading images one by one). I think I have
that since I updated Pound co to get new features.
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-17 15:44 GMT+02:00 Matt . yamakasi@gmail.com
Hello,
yes, I am looking if a way to avoid hardcoding/manually enter vhost... I
can live with it if not possible
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-16 18:57 GMT+02:00 Dave Urig du...@onetouchemr.com:
I have a php page on my sites that system load, and anything under
there are only 2 constants: HOST and PORT.
Did anyone manage to workaround that ?
Regards,
Mathieu CHATEAU
http://www.lotp.fr
--
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box
Hello,
yes, i already saw your blog. Thing is I do have a lot of website, and do
not want to maintain one by one.
Weird, with IIS + ARR it's really easy to do that :'(
Thanks for helping anyway :)
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-05-11 19:40 GMT+02:00 Justin Bennett
Hello,
as you are using a TCP farm, ZLB is not parsing / doing anything on packets.
You must use an HTTP farm to get X-Forwarded-For.
Using http farm allow also detection of others things
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-04-28 9:48 GMT+02:00 Roberto Calvente Aragón
Hello,
For 2GB files, it's resolved since i upgraded my zen to pound 2.6,
following the great post i spoke about before
Envoyé de mon iPad
Le 22 avr. 2015 à 09:53, Emilio Campos emilio.campos.mar...@gmail.com a
écrit :
Hi , zen doesn't delete any kind of header HTTP included.
BTW a member of
Checkpoint is a high end firewall, it should definitely be able to do what
you want. But i didn't put my hand on it for a while...
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-04-15 20:10 GMT+02:00 Manish Rane manish...@gmail.com:
Hey there,
Its an checkpoint and yes all the traffic
Hello,
is it planned somehow in your roadmap to update these parts? Does
enterprise version have them ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-04-13 9:51 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
HI Mathiew, both points are possible, compile by yourself 2.7
How to install open-vm-tools:
vi /etc/apt/sources.list: add contrib to deb and deb-src
apt-get install open-vm-tools open-vm-source
module-assistant auto-install open-vm -i
reboot
Regards,
Mathieu CHATEAU
http://www.lotp.fr
guy wrote patches for pound 2.6 to add
SSLAllowClientRenegotiation
and SSLHonorCipherOrder
:
http://jonaspasche.com/pound/
These patches were merged into pound 2.7, so using 2.7 would be better as
it add others stuff.
Regards,
Mathieu CHATEAU
http://www.lotp.fr
Hello,
could it be possible to secure SSL on GUI service ?
like disable ssl2,ssl3, only allow tls 1.2
Regards,
Mathieu CHATEAU
http://www.lotp.fr
--
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
hello,
thanks for explaination.
Do they count against the maximum number of connection ?
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-04-01 19:00 GMT+02:00 Emilio Campos emilio.campos.mar...@gmail.com:
Hi Mathie, the Closed Conns are the connections in TIME_WAIT status, those
of requests larger than 2GB
The software is at version 2.6e (beta quality). Further testing
(especially under heavy loads), improvements and suggestions are
welcome.[...]
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-03-03 8:15 GMT+01:00 Mathieu Chateau mathieu.chat...@lotp.fr:
Hello
, i guess it's the pound process which has the issue as
it's a 32 bit binary?
/usr/local/zenloadbalancer/app/pound/sbin# file pound
pound: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not stripped
regards,
Mathieu CHATEAU
Hello,
I am new on zen, but maybe a continous ping can be added in /etc/rc.local
or the start script in zen folder ? This may be a workaround waiting for
the new feature
Regards,
Mathieu Chateau
Envoyé de mon iPad
Le 2 mars 2015 à 08:44, Roger Sikorski roger.sikor...@de.rr-icecream.eu a
écrit
*
zz.domainA.com but still have the issue
regards,
Mathieu CHATEAU
http://www.lotp.fr
2015-02-26 9:10 GMT+01:00 Emilio Campos emilio.campos.mar...@gmail.com:
Hi Mathiew, it use regexp in that case try to be more expecific, with
something like this:
- ^domainA.com||^www.domainA.com http
. Now when i go to it, it sends me
www.domainB.com instead!
All others are ok, including yy.domainA.com
Quite weird
They all use same virtual servers except this one (zz.domainA.com).
Regards,
Cordialement,
Mathieu CHATEAU
http://www.lotp.fr
2015-02-24 10:14 GMT+01:00 Emilio Campos
you another one!
regards
Mathieu CHATEAU
http://www.lotp.fr
--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity
67 matches
Mail list logo