<labelfor="https-listen"style="margin-top: 5px;"title="Enable SSL Offloading"data-help="The term SSL termination means that you are performing all encryption and decryption at the edge of your network, such as at the load balancer.">SSL Offloading</label>
{{ checkbox('compression', title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.',
{{ checkbox('slow_atack', title='In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances. The header specifies the exact size of the message body that will then follow. However, that message body is then sent at an alarmingly low rate – sometimes as slow as 1 byte per approximately two minutes.',
{{ checkbox('antibot', title='Unfortunately, a large portion of bots are used for malicious reasons. Their intentions include web scraping, spamming, request flooding, brute forcing, and vulnerability scanning. For example, bots may scrape your price lists so that competitors can consistently undercut you or build a competitive solution using your data. Or they may try to locate forums and comment sections where they can post spam. At other times, they’re scanning your site looking for security weaknesses.',
desc='Antibot', value='1') }}
</span>
<divid="blacklist-hide"style="display: none;">
<br/><spanclass="tooltip tooltipTop">Enter a blacklist name, or press the "down" button:</span><br/>
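Review bot: the new title text on the 'slow_atack' and 'antibot' checkboxes explains the threat (Slow POST, malicious bots) but never says what ticking the box changes in the generated configuration. Add one closing sentence to each tooltip that names the protection the option turns on, so the operator knows what is being enabled and not only why it matters.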
@ -183,12 +186,30 @@
<tdclass="addName">Options:</td>
<tdclass="addOption">
<spanclass="controlgroup">
{{ checkbox('forward_for', title='Option Forward for if none', desc='Forward for') }}
{{ checkbox('forward_for', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.',
desc='Forward for') }}
{{ checkbox('redispatch', title='In HTTP mode, if a server designated by a cookie is down, clients may
definitely stick to it because they cannot flush the cookie, so they will not
be able to access the service anymore.
Specifying "option redispatch" will allow the proxy to break their
persistence and redistribute them to a working server.
It also allows to retry connections to another server in case of multiple
connection failures. Of course, it requires having "retries" set to a nonzero
{{ select('force_close', values=values, first='Force HTTP close', title='Since HAProxy works in reverse-proxy mode, the servers see its IP address as
their client address. This is sometimes annoying when the client\'s IP address
is expected in server logs. To solve this problem, the well-known HTTP header
"X-Forwarded-For" may be added by HAProxy to all requests sent to the server.
This header contains a value representing the client\'s IP address. Since this
header is always appended at the end of the existing header list, the server
must be configured to always use the last occurrence of this header only. See
the server\'s manual to find how to enable use of this standard header. Note
that only the last occurrence of the header must be used, since it is really
possible that the client has already brought one.', class='force_close') }}
{{ checkbox('cookie', title='To send a client to the same server where they were sent previously in order to reuse a session on that server, you can enable cookie-based session persistence. Add a cookie directive to the backend section and set the cookie parameter to a unique value on each server line.',
{{ checkbox('circuit_breaking_listen', name="circuit_breaking", desc='Circuit Breaking', title='Circuit breaker is a design pattern which is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring. The circuit breaker design pattern works much like an electrical circuit breaker which is intended to “trip” or open the circuit when failure is detected.',
<divclass="tooltip tooltipTop">Read more about Circuit Breaking <ahref="https://roxy-wi.org/description.py?description=circuit_breaking" title="Circuit Breaking"target="_blank">here</a></div>
<divclass="tooltip tooltipTop">Read more about Circuit Breaking <ahref="https://roxy-wi.org/description/circuit-breaking" title="Circuit Breaking"target="_blank">here</a></div>
{{ checkbox('https-frontend', title='The term SSL termination means that you are performing all encryption and decryption at the edge of your network, such as at the load balancer.', desc='SSL Offloading') }}
{{ checkbox('compression2', name="compression", title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.',
{{ checkbox('slow_atack1', title='In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances. The header specifies the exact size of the message body that will then follow. However, that message body is then sent at an alarmingly low rate – sometimes as slow as 1 byte per approximately two minutes.',
{{ checkbox('antibot1', title='Unfortunately, a large portion of bots are used for malicious reasons. Their intentions include web scraping, spamming, request flooding, brute forcing, and vulnerability scanning. For example, bots may scrape your price lists so that competitors can consistently undercut you or build a competitive solution using your data. Or they may try to locate forums and comment sections where they can post spam. At other times, they’re scanning your site looking for security weaknesses.',
desc='Antibot', value='1') }}
</span>
<divid="blacklist-hide1"style="display: none;">
<br/><spanclass="tooltip tooltipTop">Enter a blacklist name, or press the "down" button::</span><br/>
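Review bot: the title given to select('force_close', ...) is the X-Forwarded-For explanation ("Since HAProxy works in reverse-proxy mode, the servers see its IP address as their client address ..."), which says nothing about HTTP close modes; it looks pasted from the forward-for help and belongs on the 'forward_for' checkbox instead. Replace it with text that describes the close options offered in the select. The blacklist prompt in this hunk also ends in a doubled colon ('press the "down" button::').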
@ -415,10 +440,20 @@
<tdclass="addName">Options:</td>
<tdclass="addOption">
<spanclass="controlgroup">
{{ checkbox('forward_for1', title='Option Forward for if none', desc='Forward for') }}
{{ checkbox('forward_for1', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.',
{{ input('backends', name='backends', placeholder="some_backend", size='30', title='If no condition is valid, the backend defined with "default_backend" will be used. If no default backend is defined, either the servers in the same section are used (in case of a "listen" section) or, in case of a frontend, no server is used and a 503 service unavailable response is returned.') }}
<divclass="tooltip tooltipTop">
<b>Note</b>. If you want to use the default backend, <spantitle="Create backend"class="redirectBackend link">backend must exist</span>.
</div>
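Review bot: the 'forward_for1' tooltip tells the operator that the backend can read the client address from X-Forwarded-For, but leaves out that a client can send its own copy of that header. The text attached to 'force_close' earlier in this patch already carries the needed caveat ("only the last occurrence of the header must be used, since it is really possible that the client has already brought one"); repeat that sentence here so backends are not configured to trust a client-supplied value. The tooltip also names "HAProxy Enterprise" while the other help strings say "HAProxy"; pick one.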
@ -557,12 +592,13 @@
</td>
</tr>
<trclass="advance">
<tdclass="addName"><spantitle="Cache support start 1.8 and latter">Web acceleration(?):</span></td>
<tdclass="addName"><spantitle="Cache support start 1.8 and latter"class="help_cursor">Web acceleration:</span></td>
{{ checkbox('compression3', name="compression", title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.',
{{ checkbox('ssl_offloading2', title='The term SSL termination means that you are performing all encryption and decryption at the edge of your network, such as at the load balancer.', desc='SSL Offloading') }}
</span>
</td>
</tr>
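Review bot: the span title on the "Web acceleration" row is carried over unchanged as "Cache support start 1.8 and latter" while the line is being edited to add class="help_cursor". Fix the wording in the same change, for example "Cache is supported starting with version 1.8", since this is the text the new help cursor will surface.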
@ -570,12 +606,21 @@
<tdclass="addName">Options:</td>
<tdclass="addOption">
<spanclass="controlgroup">
{{ checkbox('forward_for2', title='Option Forward for if none', desc='Forward for') }}
{{ checkbox('forward_for2', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.',
desc='Forward for') }}
{{ checkbox('redispatch2', title='In HTTP mode, if a server designated by a cookie is down, clients may
definitely stick to it because they cannot flush the cookie, so they will not
be able to access the service anymore.
Specifying "option redispatch" will allow the proxy to break their
persistence and redistribute them to a working server.
It also allows to retry connections to another server in case of multiple
connection failures. Of course, it requires having "retries" set to a nonzero
{{ checkbox('cookie2', title='To send a client to the same server where they were sent previously in order to reuse a session on that server, you can enable cookie-based session persistence. Add a cookie directive to the backend section and set the cookie parameter to a unique value on each server line.',
{{ checkbox('circuit_breaking_backend', name="circuit_breaking", desc='Circuit Breaking', title='Circuit breaker is a design pattern which is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring. The circuit breaker design pattern works much like an electrical circuit breaker which is intended to “trip” or open the circuit when failure is detected.',
<divclass="tooltip tooltipTop">Read more about Circuit Breaking <ahref="https://roxy-wi.org/description.py?description=circuit_breaking" title="Circuit Breaking"target="_blank">here</a></div>
<divclass="tooltip tooltipTop">Read more about Circuit Breaking <ahref="https://roxy-wi.org/description/circuit-breaking" title="Circuit Breaking"target="_blank">here</a></div>
</div>
</td>
</tr>
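Review bot: the help strings for 'forward_for2', 'redispatch2', 'cookie2' and 'circuit_breaking_backend' are verbatim copies of the ones added for the listen and frontend forms earlier in this patch, so any correction now has to be made in three places. Define each text once (a Jinja variable set at the top of the template would do) and pass it to the checkbox calls. The 'redispatch2' title also spans several raw lines inside a quoted string; collapsing it to a single line avoids hard line breaks ending up in the title attribute.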
@ -1120,9 +1166,10 @@ var serv_ports = $('.send_proxy');
for (var i = 0; i <= serv_ports.length; i++) {
var uniqId = makeid(3);
$(serv_ports[i]).append('<labelfor="' + uniqId + '"class="send_proxy_label"title="Set send-proxy for this server">send-proxy</label><inputtype="checkbox"name="send_proxy"value="1"id="' + uniqId + '">');
$(serv_ports[i]).append('<labelfor="' + uniqId + '"class="send_proxy_label"title="Set send-proxy for this server"data-help="The Send-proxy parameter enforces the use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection so that it can know the client\'s address or the public address it accessed to, whatever the upper-layer protocol.">send-proxy</label><inputtype="checkbox"name="send_proxy"value="1"id="' + uniqId + '">');
var uniqId = makeid(3);
$(serv_ports[i]).append('<labelfor="' + uniqId + '"class="send_proxy_label"title="Set this server as backup server">backup</label><inputtype="checkbox"name="backup"value="1"id="' + uniqId + '">');
$(serv_ports[i]).append('<labelfor="' + uniqId + '"class="send_proxy_label"title="Set this server as backup server"data-help="Whenallserversinafarmaredown,wewanttoredirecttraffictoabackupserverwhichdeliverseithersorrypagesoradegradedmodeoftheapplication.\n'+
'This can be done easily in HAProxy by adding the keyword backup on the server line. If multiple backup servers are configured, only the first active one is used.">backup</label><inputtype="checkbox"name="backup"value="1"id="' + uniqId + '">');
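Review bot: the loop condition `i <= serv_ports.length` on the context line above the changed appends runs one index past the end of the collection, so the final pass calls makeid(3) and append on an undefined element; use `i < serv_ports.length`. Since these lines are being touched anyway, note that both labels depend on a three-character makeid value as the element id: if makeid returns a random string, a collision would bind a label to the wrong checkbox, and a longer or counter-based id avoids that.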
<tdclass="addName"><spantitle="Activates the cache for connections to upstream servers.">Keepalive:</span></td>
<tdclass="addName"><spantitle="Activates the cache for connections to upstream servers."data-help="The connections parameter sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed.">Keepalive:</span></td>
<tdclass="addOption">
{{ input('name', name='keepalive', title="Activates the cache for connections to upstream servers.", placeholder="32") }}
{{ input('name', name='keepalive', title="The connections parameter sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed.", placeholder="32") }}
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1" size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1s"size=8value="1"class="form-control add_server_number"type="number">s
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1"data-help="sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the fail_timeout parameter to consider the server unavailable for a duration also set by the fail_timeout parameter. By default, the number of unsuccessful attempts is set to 1."size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1s"size=8value="1"class="form-control add_server_number"type="number"data-help="The time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable; and the period of time the server will be considered unavailable.">s
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1" size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1"size=8value="1"class="form-control add_server_number"type="number">s
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1"data-help="sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the fail_timeout parameter to consider the server unavailable for a duration also set by the fail_timeout parameter. By default, the number of unsuccessful attempts is set to 1."size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1"size=8value="1"class="form-control add_server_number"type="number"data-help="The time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable; and the period of time the server will be considered unavailable.">s
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1" size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1"size=8value="1"class="form-control add_server_number"type="number">s
<spanname="max_fails">max_fails:</span><inputname="max_fails"requiredtitle="By default, the number of unsuccessful attempts is set to 1"data-help="sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the fail_timeout parameter to consider the server unavailable for a duration also set by the fail_timeout parameter. By default, the number of unsuccessful attempts is set to 1."size=8class="form-control add_server_number"value="1"type="number">
<spanname="fail_timeout">fail_timeout:</span><inputname="fail_timeout"requiredtitle="By default, the number of unsuccessful attempts is set to 1"size=8value="1"class="form-control add_server_number"type="number"data-help="The time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable; and the period of time the server will be considered unavailable.">s
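Review bot: the title on every fail_timeout input still reads "By default, the number of unsuccessful attempts is set to 1" (or "1s"), which is the max_fails wording; the added data-help describes a time window, so title and help now contradict each other on the same field. Change the title to state the default timeout of 1 second. The max_fails data-help also starts mid-sentence with a lower-case "sets"; begin it with the parameter name.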
<spanname="port_check_text">port check:</span><inputname="port_check"requiredtitle="Port for checking"data-help="A basic TCP-layer health check tries to connect to the server's TCP port. The check is valid when the server answers with a SYN/ACK packet."size=8class="form-control add_server_number"type="number">
<spanname="maxconn_name">maxconn:</span><inputname="server_maxconn"requiredtitle="Maxconn. Default 200"data-help="The total number of connections allowed, process-wide. This stops the process from accepting too many connections at once, which safeguards it from running out of memory."size=8value="200"class="form-control add_server_number"type="number">
<spanname="port_check_text">port check:</span><inputname="port_check"requiredtitle="Port for checking"data-help="A basic TCP-layer health check tries to connect to the server's TCP port. The check is valid when the server answers with a SYN/ACK packet."size=8class="form-control add_server_number"type="number">
<spanname="maxconn_name">maxconn:</span><inputname="server_maxconn"requiredtitle="Maxconn. Default 200"data-help="The total number of connections allowed, process-wide. This stops the process from accepting too many connections at once, which safeguards it from running out of memory."size=8value="200"class="form-control add_server_number"type="number">
<spanname="port_check_text">port check:</span><inputname="port_check"requiredtitle="Port for checking"data-help="A basic TCP-layer health check tries to connect to the server's TCP port. The check is valid when the server answers with a SYN/ACK packet."size=8class="form-control add_server_number"type="number">
<spanname="maxconn_name">maxconn:</span><inputname="server_maxconn"requiredtitle="Maxconn. Default 200"data-help="The total number of connections allowed, process-wide. This stops the process from accepting too many connections at once, which safeguards it from running out of memory."size=8value="200"class="form-control add_server_number"type="number">
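Review bot: the data-help on the input named "server_maxconn" describes a different setting: it says "The total number of connections allowed, process-wide", while the field sits on a server row and its title gives a per-field default of 200. Reword the help to describe the per-server connection limit, otherwise an operator may assume this value caps the whole process.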
{% set readonly = 'readonly onfocus=this.removeAttribute(\'readonly\');' %}
{% endif %} #}
<inputtype="{{ type }}"name="{{name}}"value="{{ value|e }}"id="{{ id }}" size="{{size}}"style="{{style}}"{{readonly}}{{required}}{{autofocus}}placeholder="{{placeholder}}"title="{{title}}"class="{{class}}"autocomplete="off"/>
<inputtype="{{ type }}"name="{{name}}"value="{{ value|e }}"id="{{ id }}"data-help="{{title}}"size="{{size}}"style="{{style}}"{{readonly}}{{required}}{{autofocus}}placeholder="{{placeholder}}"title="{{title}}"class="{{class}}"autocomplete="off"/>
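Review bot: the new data-help="{{title}}" attribute emits the title without escaping, while value on the same line is passed through `|e`. Titles handed to this macro contain double quotes (the 'backends' input's title includes "default_backend"), so unless autoescaping is enabled for this template the attribute will be cut at the first quote and the rest of the text will spill into the tag. Use `{{ title|e }}` for both title and data-help.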