How to not allow forward traffic to backend side during INIT state
Hello! Is it possible or not? I’m looking for a solution when incoming traffic isn’t allowed to get in backend side during HAPROXY is in INIT state. Allow to forward traffic only if health-check...
View ArticleRate Limiting using form-data & x-www-form-urlencoded
Hi, I want to block repeating post requests using form-data and/or x-www-form-urlencoded if more than 5 times within 30 minutes, the following configuration is working but if there is a change in the...
View ArticleHAProxy frontend offloaded certificate association not shown in Pfsense...
We are using haproxy-devel 2.4.9-f8dcd9f in our pfSense v2.6.0. In the pfSense , there is Certificates section (System → Certificate Manager → Certificates). In this section, one of the column is “In...
View ArticleClik here to view.
Haproxy failover single backup server for several nodes
I have several small server and one big server that contain mirror of that several small server. Let’s call it Server A, Server B, Server C and Server D for group of small server, and the big server...
View ArticlePOST is not handled but GET is fine anyone can suggest what i'm doing wrong...
Jun 1 16:37:50 lb02 haproxy[194941]: :60184 [01/Jun/2022:16:37:50.436] https~ https/ 0/-1/-1/-1/0 301 157 - - LR-- 5/5/0/0/0 0/0 “POST /api/hht/createshipment HTTP/1.1” Jun 1 16:37:23 lb02...
View ArticleJA3 / TLS Fingerprint always contains commas
Hey there, We’re using the new functions in HAProxy 2.5 to generate a JA3 header. However the JA3 headers always contains commas. http-request set-header X-SSL-JA3...
View ArticleCorrect way to send utf8 encoded request body via socket
Greetings! There is a possibility to get request body, but only as binary. The request body contains utf8 symbols. I need to send the body to a side system via a socket. But the socket operates with...
View ArticleSyncing Running Changes
Is there a way to sync running changes made via socat between a master and secondary HAProxy instance. I know that it is possible to sync changes made via the config but for my use case I use HAProxy...
View ArticlePriority of directives in general, listen, server etc
What is the priority of directives? E.g. If I set http keep-alive in general or listen, but have just one backend that need to be set to httpclose, does that have priority over the settings on the...
View ArticleLayer6 invalid response: SSL handshake failure
Hey guys, I have a setup with several backends, and where one backend is a third-party API provider which acts as a fallback in case our own servers go down. Setting it up though, I’m running into...
View ArticleUsing http-request set-uri
I am migrating from on-prem sentry to cloud. I want to use HAProxy to map DSNs and redirect traffic to cloud while code is updated to replace old DSNs with new ones. I have a long list of DSN mappings...
View ArticleClik here to view.
.htaccess file for noindex
Hi All New to Haproxy so need some help. I currently have my robots.txt on AWS S3 and have a backend that uses it: http-request set-path {{ robots_url }} I also want to setup a htaccess file in a...
View ArticleReuse client's port from frontend connection in upstream connection
Hi, version 1.8.27 here. Here’s the connection in question: client ----1-----> frontend IP haproxy IP ----2-----> server I’d like to have the same source port from the connection 1. coming to...
View ArticleHowto enable quic http/3.0 on stats page
i am using haproxy 2.6. i can enable quic http/3.0. it seems to work. Chrome and Firefox report that i am using http/3.0 protocol. i can see requests in haproxy.log how can in enable quic/udp to show...
View ArticleTiming event - Tr
Hi, Have a query with regards to Tr timing event, which reports server response time (for HTTP connections). I’m using HAProxy v2.0. Is the value reported as part of Tr event cumulative? e.g. with...
View ArticleCost estimate for HAProxy Enterprise Edition
Apologies for posting this question on this forum. Does anyone know rough cost estimate (licensing, support) for HAProxy Enterprise Edition? I tried to look online but didn’t get much information… 1...
View ArticleClik here to view.
Difficulty using haproxy with apache2 virtualhost
I’m trying to redirect user to different server based on domain hostname. It seems so easy, but I have spent a week and haven’t found a solution. This is my /etc/haproxy/haproxy.cfg. frontend t-proxy...
View ArticleNeed guidance and help integrating squid with haproxy
Hello, I have a Squid proxy server running perfect with 254 IPv4 addresses. everything is working properly but when I get huge connections squid is not able to handle them and thus proxies stop...
View ArticleSSL Protocol Errors when not offloading
Hello, I’m trying to eventually set up something similar to this, where a single frontend should only ask for client certs conditionally. However, I got a bunch of errors and it seems I’m getting...
View ArticleWrong backend selected with SNI when using HTTP/2
When I activate http/2 using “alpn h2,http”, the backend selection fails. I have a wildcard certificate and select the backends based on SNI. Here is the relevant section of haproxy.cfg (haproxy...
View Article