@PiBa-NL
PiBa-NL / haproxy, sending the source ip to the webserver.
Created December 21, 2014 23:24
haproxy, sending the source ip to the webserver.
To send the IP address of the client/webbrowser to the server/webserver behind it there are a few options:
1- option forwardfor
2- send-proxy
3- source 0.0.0.0 usesrc clientip
1- option forwardfor
This is an easy option to configure in haproxy. It does require that HTTP layer 7 processing is used ('mode http'), and the webserver/webapplication that wants to log or use the IP of the client must read it from the HTTP header 'X-Forwarded-For'.
2- send-proxy / send-proxy-v2 / send-proxy-*
This can be used with both mode tcp and mode http; it does however require that the server also understands the PROXY protocol. Some applications have added support for this protocol, which adds a few bytes with IP information before the actual request.
PiBa-NL / haproxy, remove 'app' after selecting backend
Last active June 22, 2022 02:25
haproxy, remove /app after selecting backend
Code to change a request from / to /app1/
reqirep ^([^\ :]*)\ /(.*) \1\ /app1/\2
If urls in the response contain absolute urls it might be required to use this:
acl no_redir url_beg /app1/
reqirep ^([^\ :]*)\ /(.*) \1\ /app1/\2 if !no_redir
The code makes sure that the method and the url-path behind the / stay the same. Which method you need exactly might depend on the application that's running.
For readability of the above, here is how to change a request from /app1/ to /app1/app1redir/:
reqirep ^([^\ :]*)\ /app1/(.*) \1\ /app1/app1redir/\2
PiBa-NL / HAProxy SNI fallback workaround example
Last active September 27, 2019 05:31
HAProxy SNI fallback/workaround example. This example shows some of the possibilities for giving 'best effort' support to browsers that do not support SNI (or at least my quick testcase/workout turned into this; I don't use it myself, and I don't claim it's actually usable for anyone).
global
maxconn 300
log 192.168.0.40 local0 debug
stats socket /tmp/haproxy.socket level admin
gid 80
nbproc 1
chroot /var/empty
daemon
#
# Example configuration for HAProxy 1.5-dev19 for using SNI
<?php
require_once("config.inc");
/*
a check should be added to avoid duplicate items..
*/
/*
$menu = array();
$menu['name'] = "NEW MENU ITEM";
PiBa-NL / CUSTOM_rules.inc-pfSense
Created December 29, 2016 00:54
adding custom rules on pfSense not supported by webgui
<?php
// Add this file as: /usr/local/pkg/CUSTOM_rules.inc
// pfSense will automatically add the rules defined here into the rules it loads in pf
require_once("util.inc");
function CUSTOM_rules_generate_rules($type) {
// called by filter.inc when pfSense rules generation happens
$rules = "";
PiBa-NL / checkout freebsd ports on windows.txt
Created April 1, 2017 16:49
how to checkout freebsd ports on windows
Windows has problems with files containing special characters so some files cannot be checked out.
To work around most of the problems with this a sparse checkout can be done.
This does assume you don't need to patch those specific files, as that won't work this way...
Enable sparse-checkout:
git config core.sparsecheckout true
Make a file .git\info\sparse-checkout with the following content:
!japanese/prn
!*:*
# HAProxy config below allows my browser to access: http://192.168.0.120/#q=test
# note that I'm using the tld 'nl' for the host header, which is what google always defaults to for me anyway..
global
maxconn 1000
stats socket /tmp/haproxy.socket level admin
daemon
listen HAProxyLocalStats
PiBa-NL / gist:531373a49264aeb5dc3f
Last active October 21, 2015 12:30
Haproxy stand alone stats listen section
listen MyStats
mode http
bind 0.0.0.0:1000
stats enable
stats uri /
# if authentication is wanted
acl auth_ok http_auth(stats-auth)
http-request auth unless auth_ok
PiBa-NL / pfsense - easyenable.php page
Created April 2, 2015 20:26
pfsense - easyenable.php page, for easily enabling and disabling a set of rules
<?php
/*
easyenable.php
Copyright (C) 2015 PiBa-NL
Copy and use it as you like.
*/
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
require_once("config.inc");
PiBa-NL / pfsense-pfx-user-certificate-download.php
Created February 2, 2015 23:21
pfSense, pfx user certificate download php page
<?php
require_once("auth.inc");
require_once("config.inc");
require_once("certs.inc");
require_once("authgui.inc");// this ensures user is authenticated in pfSense.
$a_cert = $config['cert'];
$a_cacert = $config['ca'];