Immunologists List (no replies)

April 18, 2016, 9:30 am

≫ Next: HAProxy rejecting requests w/ extended characters in their URLs as bad (2 replies)

Hi,

Recently I reviewed your website and come across your services. Would you be
interested in acquiring Immunologists list with email information?

We have also database for Hospitals and Labs, Pharmaceuticals List,
Diagnostics Labs, Pharmacists, Registered Nurses, Surgeons, Physicians,
Cardiologists, Healthcare Professionals, Medical Directors and more.

If you are interested, please let me know your requirements. In turn I'll
get back to you available counts, cost, few samples for your review.

Please do let me know your thoughts.

Regards,

Jennifer Seaton

Research Analyst

↧

HAProxy rejecting requests w/ extended characters in their URLs as bad (2 replies)

April 19, 2016, 6:20 am

≫ Next: [SPAM] Escapades Gastronomiques by Michel Sarran jusqu'à -56pourcent (no replies)

≪ Previous: Immunologists List (no replies)

This is using HAProxy 1.5.12 - I've noticed an issue where HAProxy is
sometimes rejecting requests with a 400 code when the URL string contains
extended characters. Nginx is fronting HAProxy and has passed them through
as as valid requests and just eyeballing them they look ok to me.

An example is a german URL with 0xc3 0x95 contained in the URL

A second example is a latin URL with 0xc3 0xa7 contained in the URL

A third example is an asian URL with 0xe6 0xac 0xa1 0xe3 contained in the
URL (and many more so I may or may not have complete characters in the
example)

I don't know the encoding these characters are part of, there are no hints
in the other headers.

Any idea what I can do to have haproxy accept these?

↧

[SPAM] Escapades Gastronomiques by Michel Sarran jusqu'à -56pourcent (no replies)

April 19, 2016, 11:10 am

≫ Next: haproxy@formilux.org (no replies)

≪ Previous: HAProxy rejecting requests w/ extended characters in their URLs as bad (2 replies)

/**/

Escapades Gastronomiques by Michel Sarran jusqu'à -56%

Devenez membre gratuitement

Escapades gastronomiques by Michel Sarran jusqu'à -56%

Michel Sarran a sélectionné pour vous les meilleurs restaurants étoilés de France ! Ne laissez pas passer nos offres hôtels de luxe + dîner gastronomique pour deux jusqu'à -56%.

ACCÉDEZ AUX VENTES

VENTES PRIVÉES EXCEPTIONNELLES

BARCELONE

CÔTE D'AZUR

LONDRES

Hôtels 4 et 5* en ventes privées à moins de 99€

Des avantages exclusifs réservés aux membres

Des questions ? Notre service client est à votre écoute 6 jours / 7

Voir la version en ligneSe désinscrire

↧

haproxy@formilux.org (no replies)

April 20, 2016, 4:50 am

≫ Next: [SPAM] Mutuelle santé à partir de 7 euros par mois (no replies)

≪ Previous: [SPAM] Escapades Gastronomiques by Michel Sarran jusqu'à -56pourcent (no replies)

看似简单的询盘，背后却蕴含丰富的客户信息。
客户的类型是什么，他的上家和下家分别是谁？他的需求和心理是什么？如果他要more infomation，应该怎么回复？如果他让你发all product list，应该怎么回复？怎样避免报价后没有下文？
2016-04-20 19:46:18www.serverphorums.com当你缺询盘时，阿里巴巴能给你，可是有数量没质量！当你缺询盘时，展会能给你，可是有质量没数量！当你缺询盘时，搜索软件能给你，可是既没数量也没质量！
能给你又多又好的询盘的，只有五步法！
                   详情联系：徐生 1806*40770-52 QQ：2095.8290-93
haproxy@formilux.orgN

↧

[SPAM] Mutuelle santé à partir de 7 euros par mois (no replies)

April 20, 2016, 10:50 am

≫ Next: stats page redirecting to https (4 replies)

≪ Previous: haproxy@formilux.org (no replies)

Afficher la version web.
|
Annuler votre abonnement.
|
Signaler comme courrier indésirable.

html, body {
font-family:Arial;
font-size:12px;
}

Envie d'economiser sur votre mutuelle sante ?

MeilleurComparateur.com

Pour les mêmes garanties,

économisez jusqu'à 45% sur votre mutuelle santé

et je reçois un devis immédiat et sans engagement

Comparez les garanties de 2000 formules santé

* Tarif constaté sur MeilleurComparateur.com le 09 mars 2015 pour une mutuelle standard complète pour un demandeur
d'emploi de 22 ans habitant à Metz.

Plandefou est une marque de la société SC2 Consulting, 12 rue Camille Desmoulins, 92300 Levallois Perret.
Conformément à l'article 34 de la loi Informatique et Liberté du 6 janvier 1978, vous disposez d'un droit d'accès, de modification,
de rectification et de suppression des données vous concernant en adressant votre demande à "report@dgcnit.fr".
Déclaration CNIL - 1516721

Vous souhaitez vous désinscrire de cette liste ? Cliquez ici.

↧

stats page redirecting to https (4 replies)

April 20, 2016, 2:10 pm

≫ Next: "show servers state" shows nothing? (no replies)

≪ Previous: [SPAM] Mutuelle santé à partir de 7 euros par mois (no replies)

I have this in my config:

listen stats 0.0.0.0:8080
description The stats listener.
stats uri /

Elsewhere in my config I have something that will redirect http requests
to the hostname spark.REDACTED.com over to https, which is not anything
unusual. The IP address for this hostname is a VIP that is handled with
pacemaker.

The problem is that if I try to go to http://spark.REDACTED.com:8080/
.... this is redirected to https://spark.REDACTED.com:8080/ ... and I get
this in the log:

Apr 20 12:26:54 localhost haproxy[6629]: 10.2.0.108:49435
[20/Apr/2016:12:26:54.617] stats stats/<NOSRV> -1/-1/-1/-1/0 400 187 - -
PR-- 3/0/0/0/1 0/0 "<BADREQ>"

The entire config for the listener is above -- no redirection. There is
nothing else in the config or on the machine that listens on port 8080.

What have I done wrong? I have another haproxy pair that doesn't do
this, running the same version with similar HTTPS redirects. I don't
see any differences in the config that might cause this.

I can access the stats URL using the actual machine hostname, but if the
machine fails and pacemaker moves everything to the other machine, that
won't work. I want to be able to give our staff a URL that will work
regardless of which machine in the load balancer pair is active.

Thanks,
Shawn

------------------

HA-Proxy version 1.5.12 2015/05/02
Copyright 2000-2015 Willy Tarreau <w@1wt.eu>

Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno-strict-aliasing
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015
Running on OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Linux lb3 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux

↧

"show servers state" shows nothing? (no replies)

April 20, 2016, 6:00 pm

≫ Next: (no subject) (no replies)

≪ Previous: stats page redirecting to https (4 replies)

I'm trying to set up state-file saving on 1.6.4, but "show servers state"
doesn't return anything. It works fine if I specify an individual backend
(e.g., "show servers state foo_be"), but not if I run it "bare" (which the
manual suggests should print out states for all backends).

Any thoughts?

--
James Brown
Engineer

↧

(no subject) (no replies)

April 20, 2016, 10:30 pm

≫ Next: Re: The most competitive offer for AHD Camera (no replies)

≪ Previous: "show servers state" shows nothing? (no replies)

Hi Customer, If you can not see the description below, please click here. 如無法閱讀以下的內容，請按此.To learn more, please visit www.hk-printing.com.hk. 想了解多D請到www.hk-printing.com.hk LOSS 20%          LOSS 20%            LOSS 20%      咭片 BUSINESS CARD         LOSS 20% 8折   LOSS 20%       LOSS 20%         LOSS 20%       LOSS 20%        彩色咭片 Color Business Cards White Business Cards 白咭咭片噴畫 | 印刷 | 安裝 | 設計     一站式服務   白咭咭片 White Business Cards 使用240Gsm白咭.以四色CMYK印刷.不需要過膠.可在咭片寫字.可選擇局部UV.擊凸.燙金.燙銀.刮刮咭.鑽孔.啤形狀等後期加工.       彩色咭片 Color Business Cards 價格實惠四色（CMYK）印刷.使用厚身260Gsm雙粉咭.大色位及大漸變網都有良好效果.表面過啞膠.有基本防水效果.可選擇局部UV.擊凸.燙金.燙銀.刮刮咭.鑽孔.啤形狀等後期加工   Hot Line ：82007559 Email：sales@hk-printing.com.hk If our promotional email have causing you any disturbance, please email(promotion@hk-printing.com.hk) and acknowledge us for cancelation of the mailing list. 如此郵件對閣下帶來騷擾, 請以EMAIL(promotion@hk-printing.com.hk) 通知我們 var cnzz_protocol = (("https:" == document.location.protocol) ? " https://" : " http://");document.write(unescape("%3Cspan id='cnzz_stat_icon_1254018194'%3E%3C/span%3E%3Cscript src='" + cnzz_protocol + "s95.cnzz.com/z_stat.php%3Fid%3D1254018194%26show%3Dpic1' type='text/javascript'%3E%3C/script%3E"));

↧

Re: The most competitive offer for AHD Camera (no replies)

April 21, 2016, 4:30 am

≫ Next: [SPAM] Votre complément de retraite à vie (no replies)

≪ Previous: (no subject) (no replies)

Hi Manager,

Are you looking for CCTV camera and Accessory?
This is vicky from Hongmei,which is a factory specialized in CCTV camera for more than 10 years.

No quantity limited, sample order is also welcome.
E-catalog and price list will be sent on request.

Best regards,
Vicky
International Sales

Hongmei Technology CO.limited.
Tel: (+86) 20 23329002 Fax: (+86) 20 36323445
Mobile: +86 13598232695
Skype: hongmei-vicky
E-mail: vicky@homeik.com
Web: www.homeik.com
P.O. Box:510410, Home buyer Plaza B1102, Guangzhou,China

↧

[SPAM] Votre complément de retraite à vie (no replies)

April 21, 2016, 4:40 am

≫ Next: PR flags on server error (no replies)

≪ Previous: Re: The most competitive offer for AHD Camera (no replies)

Afficher la version web. (http://trk.my.detente95.com/view/HJn-cgAgG.php) | Annuler votre abonnement. (http://trk.my.detente95.com/usb/HJn-cgAgG.php) | Signaler comme courrier indésirable. (mailto:abuse@dgcnit.fr)
En poursuivant votre navigation, vous acceptez l'utilisation de cookies pour vous proposer des services et offres adaptés
à vos centres d'intérêts et mesurer la fréquentation de nos services. Pour en savoir plus suivez ce lien ()

http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php
http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php
Préfon met à votre disposition depuis 1967 LA solution de retraite complémentaire destinée aux Agents Publics : (http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php)
Le montant de votre complément de retraite est garanti à vie (http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php)
Vous réalisez des économies d'impôts chaque année(1) (http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php)
Vous bénéficiez d'un contrat à la carte à partir de 19 € par mois (http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php)
http://trk.my.detente95.com/tk/HJn-cgAgG-E2j.php

Préfon-Distribution, 12 bis rue de Courcelles 75 008 Paris, N° ORIAS 13008416

Chez Préfon, nous sommes transparents.
Communication à caractère publicitaire.
Les caractéristiques présentées, dont les conditions et limites sont détaillées dans la notice d'information, dépendent également de la législation en vigueur. Elles sont susceptibles d'évoluer.

Les renvois des mentions qui figurent dans cet email :
(1) Sous réserve de la fiscalité en vigueur. Chaque année, les cotisations versées annuelles et de rachat sont déductibles du revenu global du foyer fiscal à hauteur de 10% des revenus d'activité professionnelle nets de cotisations sociales et de frais professionnels, retenus dans la limite de 8 fois le Plafond Annuel de la Sécurité Sociale de l'année précédente. Le plafond de déduction est commun à l'ensemble des dispositifs d'épargne retraite. Votre plafond d'épargne retraite est mentionné sur votre avis d'imposition. Le régime Préfon-Retraite est un régime de retraite dont les arrérages sont passibles de l'impôt sur le revenu dans les mêmes conditions que les « pensions et retraites ».

Informations sur Préfon-Retraite
Préfon-Retraite est un contrat dassurance de groupe, régime régi par les articles L. 441-1 et suivants du Code des assurances, dont l'objet est la constitution et le service dune retraite par rente au profit des affiliés.
Il est souscrit par Préfon, la Caisse nationale de prévoyance de la fonction publique, association régie par la loi du 1er juillet 1901 ayant son siège social 12 bis rue de Courcelles 75 008 Paris. L'objet social de l'association est doffrir aux fonctionnaires et assimilés des régimes de prévoyance complémentaire, notamment en matière de retraite ; dassurer la représentation des affiliés auprès des pouvoirs publics et des gestionnaires des régimes créés ; de veiller au respect des valeurs des organisations syndicales fondatrices de solidarité, de progrès social et dégalité dans la gestion des fonds collectés par les régimes créés, notamment par le choix dinvestissements socialement responsables.
Il est distribué par la SAS Préfon Distribution au capital social de 200 000 entièrement libéré. 794 053 629 R.C.S. Paris immatriculée à l'ORIAS sous le n° 13008416 et ayant son siège social au 12 bis rue de Courcelles 75 008 Paris.

Retrouvez toutes nos informations sur : www.prefon-retraite.fr (http://trk.my.detente95.com/tk/HJn-cgAgG-E2i.php)

Conformément à la loi "Informatique et Liberté" n° 78-17 du 6 janvier 1978 modifiée, vous bénéficiez d'un droit d'accès, de rectification, d'opposition et de suppression des données vous concernant
Vous souhaitez vous désinscrire de cette liste ? Cliquez ici. (http://trk.my.detente95.com/usb/HJn-cgAgG.php)

↧

PR flags on server error (no replies)

April 21, 2016, 9:00 am

≫ Next: [SPAM] 0€ d’impôt pendant 6 à 12 ans - Guide Pinel offert (no replies)

≪ Previous: [SPAM] Votre complément de retraite à vie (no replies)

Hello,

I'm trying to diagnose an error I have when issuing POST on a specific
website I have.
HAProxy is in front and handle HTTPS, with one backend.

The website is called through https, and I got an error with Firefox only
(Chrome is fine) when doing a POST request including a specific text file.
At this point, I thought the app software was guilty. I tried to get more
information on HAProxy side, and I get these flags :
ft-xxx~ bk-xxx/<NOSRV> -1/-1/-1/-1/8 400 187 - - PR-- 97/1/0/0/2 0/0 "POST
/index.php?/Tickets/Ticket/Reply/11969/1 HTTP/1.1"

Extract of the doc :

P : the session was prematurely aborted by the proxy, because of a
connection limit enforcement, because a DENY filter was matched,
because of a security check which detected and blocked a dangerous
error in server response which might have caused information leak
(eg: cacheable cookie).

R : a resource on the proxy has been exhausted (memory, sockets, source
ports, ...). Usually, this appears during the connection phase, and
system logs should contain a copy of the precise error. If this
happens, it must be considered as a very serious anomaly which
should be fixed as soon as possible by any means.

I do not have any extravagant rule on HAProxy file ... And I do not
understand how I can have this error on Firefox and not Chrome. I
guess something went wrong on TLS layer ... But the whole website is
working on Firefox, only this kind of POST request. Firefox is using
TLS v1.2 (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) at that time.

show errors on haproxy socket do not show any error.

Any advice on where to look after that ?

HAProxy config file :

global

tune.ssl.default-dh-param 1024

tune.maxrewrite 1k

tune.ssl.lifetime 3600

tune.ssl.cachesize 1000000

ssl-default-bind-options no-tls-tickets

ssl-default-bind-ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

defaults

mode http

option abortonclose

backlog 65536

retries 2

option clitcpka

option tcp-smart-accept

option tcp-smart-connect

balance roundrobin

option accept-invalid-http-request

maxconn 100000

timeout http-request 10s

timeout queue 30s

timeout client 25s

timeout server 1h

timeout tarpit 1m

timeout check 2000ms

default-server maxconn 10000 fall 3 rise 1 inter 2500ms fastinter
1000ms downinter 5000ms slowstart 30s

errorfile 408 /dev/null

frontend ft-xxx

bind xxx:80

bind xxx:443 ssl crt /etc/ssl/xxx.pem no-sslv3

mode http

log xxx.com local3

option httplog

option log-separate-errors

option dontlognull

default_backend bk-xxx

redirect scheme https if !{ ssl_fc }

bind-process 10

backend bk-xxx

mode http

bind-process 10

option forwardfor

http-request set-header X-SSL %[ssl_fc]

http-request set-header X-Forwarded-Proto https

source xxx

server xxx xxx:80 check weight 1

Thank you all !

↧

[SPAM] 0€ d’impôt pendant 6 à 12 ans - Guide Pinel offert (no replies)

April 21, 2016, 9:20 am

≫ Next: agent-check sends PROXY protocol (no replies)

≪ Previous: PR flags on server error (no replies)

/*
font-family:Arial, Helvetica, sans-serif}
@media only screen and (max-width:600px) {
table {
width:100%;
}
table td {
display:block;
width:100%;
text-align:center;
}
table td .bouton {
max-width:80%;
}
table td img {
max-width:100%;
}
}
/*]]>*/

Voir la version en ligne

0 D'IMPÔT PENDANT 6 À 12 ANS
C'EST POSSIBLE !

Faites votre simulation personnalisée gratuitement
et recevez le Guide Loi Pinel 2016

Se désinscrire

↧

agent-check sends PROXY protocol (no replies)

April 21, 2016, 2:30 pm

≫ Next: [SPAM] 预防和风险应对 (no replies)

≪ Previous: [SPAM] 0€ d’impôt pendant 6 à 12 ans - Guide Pinel offert (no replies)

It appears that if a server is configured to send the PROXY protocol
*and* the server does not have a `check port` set, the agent check
will always send the PROXY protocol. This doesn't seem to be
documented anywhere, and it's kind of strange (especially since
non-agent checks have the check-send-proxy flag available to control
whether the PROXY protocol is emitted).

It's not hard to make my agent support receiving the PROXY protocol,
but it's kind of strange, since nothing's actually being proxied.

Thoughts?

--
James Brown
Engineer

↧

[SPAM] 预防和风险应对 (no replies)

April 21, 2016, 7:30 pm

≫ Next: [SPAM] 避免产品开发闭门造车 (no replies)

≪ Previous: agent-check sends PROXY protocol (no replies)

请您参阅附件

---Original---
From: pfsdtkagm@todayphoto.com
Date: 2016-4-22 星期二 10:24:23
To: haproxy@formilux.org
Subject: 预防和风险应对

↧

[SPAM] 避免产品开发闭门造车 (no replies)

April 21, 2016, 8:50 pm

≫ Next: HTTP 2 (2 replies)

≪ Previous: [SPAM] 预防和风险应对 (no replies)

资料在附件里

---Original---
From: xu@cwemail.com
Date: 2016-4-22 星期二 11:43:16
To: haproxy@formilux.org
Subject: 避免产品开发闭门造车

↧

HTTP 2 (2 replies)

April 22, 2016, 1:20 am

≫ Next: haproxy 1.6.4 segfault in logging (I think) (2 replies)

≪ Previous: [SPAM] 避免产品开发闭门造车 (no replies)

Hi,

Does HAProxy support HTTP2 yet? Pl. let me know.

Thanks,
Anil.

↧

haproxy 1.6.4 segfault in logging (I think) (2 replies)

April 22, 2016, 7:00 am

≫ Next: Convert host to IP (no replies)

≪ Previous: HTTP 2 (2 replies)

Attempting to upgrade from 1.5 to 1.6.4. Haproxy will run for a few
seconds to minutes and then will segfault.

dmesg
[9010697.311045] haproxy[31405]: segfault at b8 ip 00000000004131c7 sp
00007ffde49436c0 error 4 in haproxy[400000+ce000]
[9010699.783167] haproxy[31469]: segfault at b8 ip 00000000004131c7 sp
00007ffdc385ce60 error 4 in haproxy[400000+ce000]
[9010748.623894] haproxy[31696]: segfault at b8 ip 00000000004131c7 sp
00007fffd91e3b90 error 4 in haproxy[400000+ce000]
[9010759.271240] haproxy[31864]: segfault at b8 ip 00000000004131c7 sp
00007ffe8fc7ad30 error 4 in haproxy[400000+ce000]

addr2line -e /usr/bin/haproxy 00000000004131c7
/home/dtorgo/haproxy-1.6.4/src/log.c:1526
1525 case LOG_FMT_STATUS: // %ST
1526 ret = ltoa_o(txn->status, tmplog,
dst + maxsize - tmplog);
1527 if (ret == NULL)
1528 goto out;
1529 tmplog = ret;
1530 last_isspace = 0;
1531 break;

Haproxy config (relevant parts)
global
log rsyslog1:514 local2 debug info
log rsyslog1:514 local3 notice emerg
log-send-hostname
defaults
mode http
retries 3
option redispatch
maxconn 65000
timeout connect 5000
timeout client 300000
timeout server 300000
option allbackups
option dontlognull
option log-health-checks
option forceclose
log-format
±{"flw":"%ID","lb":"%H","cip":"%ci","lbnfo":"%f/%b/%si","tm":"%Tq/%Tw/%Tc/%Tr","tt":%Tt,"stts":"%ST","bytc":%U,"byts":%B,"trmstt":"%ts","cn":"%ac/%fc/%bc/%sc","rtry":%rc,"q":"%bq/%sq","rqst":"%r","hdrs":"%hr"}
frontend splat.lucidchart.com_https
mode http
log global
bind :27001 accept-proxy
capture request header Host len 120
capture request header Origin len 120
capture request header X-Forwarded-For len 32
capture request header Referer len 120
capture request header Host len 16
http-response set-header Requested_Host %[capture.req.hdr(0)]
http-response set-header Requested_Origin %[capture.req.hdr(1)]
http-response set-header X-Original-Request %r
http-request set-header X-Lucid-Flow-Id
%ci|%[capture.req.hdr(4)]|%ms%sc if !{ hdr(X-Lucid-Flow-Id) -m found }
unique-id-format %[hdr(X-Lucid-Flow-Id)]

../haproxy -vv
HA-Proxy version 1.6.4 2016/03/13
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno-strict-aliasing
-Wdeclaration-after-statement
OPTIONS = USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built without compression support (neither USE_ZLIB nor USE_SLZ are set)
Compression algorithms supported : identity("identity")
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015 (VERSIONS DIFFER!)
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.38 2015-11-23
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

↧

Convert host to IP (no replies)

April 22, 2016, 1:10 am

≫ Next: haproxy load balancing methods (no replies)

≪ Previous: haproxy 1.6.4 segfault in logging (I think) (2 replies)

Hello, list.

Seems DNS function implemented for a long time, I wonder
if it is possible to convert hostname to IP now? So we can have like:

acl US conv_to_ip(host),map_ip(/etc/haproxy/geolocation.txt) -m str -i US

Thanks.

Bests,
-Igor

↧

haproxy load balancing methods (no replies)

April 22, 2016, 2:10 am

≫ Next: Regarding client side keep-alive (1 reply)

≪ Previous: Convert host to IP (no replies)

Hi,

I've got a question about balancing alogrithms haproxy can do; if I set a weight
to my backend servers and use leastconn, would that configuration equal to
"Weighted Least Connections" that F5 can do?

"Like the Least Connections methods, these load balancing methods select pool
members or nodes based on the number of active connections. However, the
Weighted Least Connections methods also base their selections on server
capacity. The Weighted Least Connections (member) method specifies that the
system uses the value you specify in Connection Limit to establish a
proportional algorithm for each pool member. The system bases the load balancing
decision on that proportion and the number of current connections to that pool
member. For example, member_a has 20 connections and its connection limit is
100, so it is at 20% of capacity. Similarly, member_b has 20 connections and its
connection limit is 200, so it is at 10% of capacity. In this case, the system
select selects member_b. This algorithm requires all pool members to have a
non-zero connection limit specified. The Weighted Least Connections (node)
method specifies that the system uses the value you specify in the node's
Connection Limit setting and the number of current connections to a node to
establish a proportional algorithm. This algorithm requires all nodes used by
pool members to have a non-zero connection limit specified. If all servers have
equal capacity, these load balancing methods behave in the same way as the Least
Connections methods."

(https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_pools.html)

If my understanding is correct, haproxy does take the server weight into account
when calculating leastconn?

Thank you,

Craig

↧

Regarding client side keep-alive (1 reply)

April 22, 2016, 6:00 am

≫ Next: Europe and USA popular super professional HD police body camera, network cameras ,3G network cameras (no replies)

≪ Previous: haproxy load balancing methods (no replies)

Hi,

This is probably quite simple, but I just want to make sure I got this right.

Basically, I want the client<>haProxy side to use keep alive, but haProxy<>server side to close every connection and open a new one for each request.

Is it then correct to use http-server-close?

Currently I use httpclose, which obviously closes both sides.

Also, has anybody had any issues with http-server-close in high traffic environments? Like lingering connections, connections not closed properly etc.

Thank you.

Regards,
Stefan

↧

Latest Images