HAproxy

Software Screenshot:
HAproxy
Software Details:
Version: 1.5.14 / 1.5-dev22 updated
Upload Date: 27 Sep 15
Developer: Willy Tarreau
Distribution Type: Freeware
Downloads: 122

Rating: 3.0/5 (Total Votes: 2)

HAProxy is the lool you need for web sites crawling under very high loads, while maintaining persistence or Layer7 processing.




HAProxy also provides support tens of thousands of connections, even with today's hardware. It integrates into existing architectures very easily.

What is new in this release:

  • MEDIUM: tcp-check new feature: connect
  • MEDIUM: ssl: Set verify 'required' as global default for servers side.
  • MINOR: ssl: handshake optim for long certificate chains.
  • BUG/MINOR: pattern: pattern comparison executed twice
  • BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
  • BUG/MEDIUM: pattern: Segfault in binary parser
  • MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
  • MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
  • BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
  • BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
  • BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
  • BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
  • MINOR: doc: Bad cli function name.
  • MINOR: http: smp_fetch_capture_header_* fetch captured headers
  • BUILD: last release inadvertently prepended a "+" in front of the date
  • BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
  • BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
  • BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
  • BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
  • MINOR: http: try to stick to same server after status 401/407
  • BUG/MINOR: http: always disable compression on HTTP/1.0
  • OPTIM: poll: restore polling after a poll/stop/want sequence
  • OPTIM: http: don't stop polling for read on the client side after a request
  • BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
  • BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
  • BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
  • BUG/MINOR: stream-int: do not clear the owner upon unregister
  • MEDIUM: stats: add support for HTTP keep-alive on the stats page
  • BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
  • Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
  • MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
  • OPTIM: session: set the READ_DONTWAIT flag when connecting
  • BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
  • MINOR: session: factor out the connect time measurement
  • MEDIUM: session: prepare to support earlier transitions to the established state
  • MEDIUM: stream-int: make si_connect() return an established state when possible
  • MINOR: checks: use an inline function for health_adjust()
  • OPTIM: session: put unlikely() around the freewheeling code
  • MEDIUM: config: report a warning when multiple servers have the same name
  • BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
  • BUILD/MINOR: listener: remove a glibc warning on accept4()
  • BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
  • BUILD: listener: fix recent accept4() again
  • BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
  • BUG/MEDIUM: polling: ensure we update FD status when there's no more activity
  • MEDIUM: listener: fix polling management in the accept loop
  • MINOR: protocol: improve the proto->drain() API
  • MINOR: connection: add a new conn_drain() function
  • MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close
  • MEDIUM: connection: update callers of ctrl->drain() to use conn_drain()
  • MINOR: connection: add more error codes to report connection errors
  • MEDIUM: tcp: report connection error at the connection level
  • MEDIUM: checks: make use of chk_report_conn_err() for connection errors
  • BUG/MEDIUM: unique_id: HTTP request counter is not stable
  • DOC: fix misleading information about SIGQUIT
  • BUG/MAJOR: fix freezes during compression
  • BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer
  • BUILD: fix VERDATE exclusion regex
  • CLEANUP: polling: rename "spec_e" to "state"
  • DOC: add a diagram showing polling state transitions
  • REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache"
  • REORG: polling: rename "fd_spec" to "fd_cache"
  • REORG: polling: rename the cache allocation functions
  • REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()"
  • MAJOR: polling: rework the whole polling system
  • MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags
  • MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send}
  • MEDIUM: connection: add check for readiness in I/O handlers
  • MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn
  • MINOR: stream-interface: no need to call fd_stop_both() on error
  • MEDIUM: connection: no need to recheck FD state
  • CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag
  • CLEANUP: connection: use conn_xprt_ready() instead of checking the flag
  • CLEANUP: connection: fix comments in connection.h to reflect new behaviour.
  • OPTIM: raw-sock: don't speculate after a short read if polling is enabled
  • MEDIUM: polling: centralize polled events processing
  • MINOR: polling: create function fd_compute_new_polled_status()
  • MINOR: cli: add more information to the "show info" output
  • MEDIUM: listener: add support for limiting the session rate in addition to the connection rate
  • MEDIUM: listener: apply a limit on the session rate submitted to SSL
  • REORG: stats: move the stats socket states to dumpstats.c
  • MINOR: cli: add the new "show pools" command
  • BUG/MEDIUM: counters: flush content counters after each request
  • BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection
  • MINOR: tools: add very basic support for composite pointers
  • MEDIUM: counters: stop relying on session flags at all
  • BUG/MINOR: cli: fix missing break in command line parser
  • BUG/MINOR: config: correctly report when log-format headers require HTTP mode
  • MAJOR: http: update connection mode configuration
  • MEDIUM: http: make keep-alive + httpclose be passive mode
  • MAJOR: http: switch to keep-alive mode by default
  • BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default
  • BUG/MEDIUM: listener: improve detection of non-working accept4()
  • BUILD: listener: add fcntl.h and unistd.h
  • BUG/MINOR: raw_sock: correctly set the MSG_MORE flag

What is new in version 1.4.24 / 1.5-dev22:

  • MEDIUM: tcp-check new feature: connect
  • MEDIUM: ssl: Set verify 'required' as global default for servers side.
  • MINOR: ssl: handshake optim for long certificate chains.
  • BUG/MINOR: pattern: pattern comparison executed twice
  • BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
  • BUG/MEDIUM: pattern: Segfault in binary parser
  • MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
  • MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
  • BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
  • BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
  • BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
  • BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
  • MINOR: doc: Bad cli function name.
  • MINOR: http: smp_fetch_capture_header_* fetch captured headers
  • BUILD: last release inadvertently prepended a "+" in front of the date
  • BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
  • BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
  • BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
  • BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
  • MINOR: http: try to stick to same server after status 401/407
  • BUG/MINOR: http: always disable compression on HTTP/1.0
  • OPTIM: poll: restore polling after a poll/stop/want sequence
  • OPTIM: http: don't stop polling for read on the client side after a request
  • BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
  • BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
  • BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
  • BUG/MINOR: stream-int: do not clear the owner upon unregister
  • MEDIUM: stats: add support for HTTP keep-alive on the stats page
  • BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
  • Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
  • MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
  • OPTIM: session: set the READ_DONTWAIT flag when connecting
  • BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
  • MINOR: session: factor out the connect time measurement
  • MEDIUM: session: prepare to support earlier transitions to the established state
  • MEDIUM: stream-int: make si_connect() return an established state when possible
  • MINOR: checks: use an inline function for health_adjust()
  • OPTIM: session: put unlikely() around the freewheeling code
  • MEDIUM: config: report a warning when multiple servers have the same name
  • BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
  • BUILD/MINOR: listener: remove a glibc warning on accept4()
  • BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
  • BUILD: listener: fix recent accept4() again
  • BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
  • BUG/MEDIUM: polling: ensure we update FD status when there's no more activity
  • MEDIUM: listener: fix polling management in the accept loop
  • MINOR: protocol: improve the proto->drain() API
  • MINOR: connection: add a new conn_drain() function
  • MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close
  • MEDIUM: connection: update callers of ctrl->drain() to use conn_drain()
  • MINOR: connection: add more error codes to report connection errors
  • MEDIUM: tcp: report connection error at the connection level
  • MEDIUM: checks: make use of chk_report_conn_err() for connection errors
  • BUG/MEDIUM: unique_id: HTTP request counter is not stable
  • DOC: fix misleading information about SIGQUIT
  • BUG/MAJOR: fix freezes during compression
  • BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer
  • BUILD: fix VERDATE exclusion regex
  • CLEANUP: polling: rename "spec_e" to "state"
  • DOC: add a diagram showing polling state transitions
  • REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache"
  • REORG: polling: rename "fd_spec" to "fd_cache"
  • REORG: polling: rename the cache allocation functions
  • REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()"
  • MAJOR: polling: rework the whole polling system
  • MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags
  • MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send}
  • MEDIUM: connection: add check for readiness in I/O handlers
  • MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn
  • MINOR: stream-interface: no need to call fd_stop_both() on error
  • MEDIUM: connection: no need to recheck FD state
  • CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag
  • CLEANUP: connection: use conn_xprt_ready() instead of checking the flag
  • CLEANUP: connection: fix comments in connection.h to reflect new behaviour.
  • OPTIM: raw-sock: don't speculate after a short read if polling is enabled
  • MEDIUM: polling: centralize polled events processing
  • MINOR: polling: create function fd_compute_new_polled_status()
  • MINOR: cli: add more information to the "show info" output
  • MEDIUM: listener: add support for limiting the session rate in addition to the connection rate
  • MEDIUM: listener: apply a limit on the session rate submitted to SSL
  • REORG: stats: move the stats socket states to dumpstats.c
  • MINOR: cli: add the new "show pools" command
  • BUG/MEDIUM: counters: flush content counters after each request
  • BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection
  • MINOR: tools: add very basic support for composite pointers
  • MEDIUM: counters: stop relying on session flags at all
  • BUG/MINOR: cli: fix missing break in command line parser
  • BUG/MINOR: config: correctly report when log-format headers require HTTP mode
  • MAJOR: http: update connection mode configuration
  • MEDIUM: http: make keep-alive + httpclose be passive mode
  • MAJOR: http: switch to keep-alive mode by default
  • BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default
  • BUG/MEDIUM: listener: improve detection of non-working accept4()
  • BUILD: listener: add fcntl.h and unistd.h
  • BUG/MINOR: raw_sock: correctly set the MSG_MORE flag

What is new in version 1.5-dev21:

  • MINOR: stats: don't use a monospace font to report numbers
  • MINOR: session: remove debugging code
  • BUG/MAJOR: patterns: fix double free caused by loading strings from files
  • MEDIUM: http: make option http_proxy automatically rewrite the URL
  • BUG/MEDIUM: http: cook_cnt() forgets to set its output type
  • BUG/MINOR: stats: correctly report throttle rate of low weight servers
  • BUG/MEDIUM: checks: servers must not start in slowstart mode
  • BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords
  • MEDIUM: stream-int: implement a very simplistic idle connection manager
  • DOC: update the ROADMAP file

What is new in version 1.4.24:

  • This version fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header.
  • CVE-2013-2175 was assigned to this bug.
  • All users of 1.4 must upgrade or apply the fix.

What is new in version 1.5-dev19:

  • This release fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.

What is new in version 1.5-dev18:

  • This release fixes a security flaw in TCP content inspection when combined with HTTP.
  • 1.5-dev users must upgrade or patch.
  • Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308.
  • No fewer than 43 bugs were fixed in various areas.

What is new in version 1.4.23:

  • This release fixes a security flaw in the TCP content inspection code when combined with HTTP information.
  • All 1.4 users must upgrade or patch.
  • 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI.
  • Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.

What is new in version 1.5-dev17:

  • The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests).
  • Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using %[] in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way).
  • The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.

What is new in version 1.5-dev15:

  • The high CPU usage a few users have been experiencing in dev14 is now fixed.
  • A file descriptor leak when logging SSL information was fixed.
  • Some SSL issues with client certs were fixed.
  • SSL handshake errors are now logged.
  • Some incorrect logs of "SD" flags in case of client errors were resolved.
  • The conditions to enable Gzip compression were tightened.
  • Layer 7 information such as the IP address taken from a header can now be tracked.
  • Users of 1.5-dev12..dev14 are encouraged to upgrade.

What is new in version 1.5-dev14:

  • The SSL stack received many fixes and improvements.
  • It now supports mutual cert authentication, client cert-based ACLs, and a multi-process session cache.
  • Some facilities were offered to support multi-process mode with SSL.
  • Health checks support SSL and the PROXY protocol.
  • HTTP forwarding now supports gzip compression.
  • Recent Linux platforms support TCP FastOpen and accept4().
  • The "bind" statement now supports "v4v6" and "v6only" keywords to decide on the IPv6 binding policy.
  • Many bugs have been fixed, so those using dev12 and dev13 in production are strongly encouraged to upgrade.

Similar Software

Psiphon
Psiphon

20 Feb 15

ExaProxy
ExaProxy

20 Feb 15

Namistai
Namistai

3 Jun 15

uwhoisd
uwhoisd

20 Feb 15

Comments to HAproxy

Comments not found
Add Comment
Turn on images!