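Published 2014-10-05 13:25:04 | Source: reader submission
HAProxy web load-balancing solution
HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, and supports virtual hosts. It is a free, fast, and reliable solution.
HAProxy 1.5.4, a patch release of the very handy layer 4/7 load-balancing software, has been released (2014-09-03). The previous version was 1.5.3, released on 2014-07-25. This release fixes a critical bug introduced in 1.5-dev23 (CVE-2014-6269).
Full list of changes: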
2014/09/02 : 1.5.4
    - BUG: config: error in http-response replace-header number of arguments
    - BUG/MINOR: Fix search for -p argument in systemd wrapper.
    - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
    - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
    - MEDIUM: connection: add new bit in Proxy Protocol V2
    - BUG/MINOR: server: move the directive #endif to the end of file
    - BUG/MEDIUM: http: tarpit timeout is reset
    - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
    - BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
    - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
    - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
    - BUG/MEDIUM: acl: correctly compute the output type when a converter is used
    - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
    - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
A critical bug was fixed in 1.5.4. This bug was introduced in 1.5-dev23, so all users of any version between 1.5-dev23 and 1.5.3 must upgrade. This bug can cause haproxy to crash if a number of conditions are met together. Basically, we need a client which can upload multiples of 2GB of POST data much faster than the server can read, and the server must accept all these data slowly enough. If all of this happens, it is possible during the roll-over at every 2GB that the chunk parser tries to parse a chunk length out of the input buffer, causing haproxy to crash. In practice, it can essentially be exploited when the attacker controls both the client, the server, and the timing. This cannot be used to modify data nor execute code though, it's only a denial of service. CVE-2014-6269 was assigned to this bug. Another bug was a possible busy loop in tcp-request content track-sc* rules.
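To triage a fleet against the affected range stated above (1.5-dev23 through 1.5.3), the following added example, which is not code from the HAProxy project, classifies version strings. The banner format ("HA-Proxy version X date", as printed by haproxy -v) is an assumption, and the host names and banners in the sample inventory are constructed.

```python
import re

# Affected range as stated in the announcement: 1.5-dev23 through 1.5.3.
# Key layout: (major, minor, stage, n); stage 0 = -devN, stage 1 = stable x.y.N,
# so every 1.5-devN snapshot sorts before 1.5.0.
FIRST_AFFECTED = (1, 5, 0, 23)  # 1.5-dev23
LAST_AFFECTED = (1, 5, 1, 3)    # 1.5.3

_VERSION_RE = re.compile(
    r"(?<![\w.])v?(\d+)\.(\d+)(?:-dev(\d+)|\.(\d+))?(?![\w.])")


def version_key(text):
    """Return a sortable key for the first HAProxy version found in text."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no HAProxy version found in %r" % (text,))
    major, minor, dev, patch = m.groups()
    if dev is not None:
        return (int(major), int(minor), 0, int(dev))
    return (int(major), int(minor), 1, int(patch or 0))


def is_affected(text):
    """True if the version falls in the CVE-2014-6269 range given above."""
    return FIRST_AFFECTED <= version_key(text) <= LAST_AFFECTED


def affected_hosts(inventory):
    """Return the sorted host names whose banner is in the affected range."""
    return sorted(h for h, banner in inventory.items() if is_affected(banner))


# Constructed sample inventory: host name -> assumed `haproxy -v` banner line.
SAMPLE_INVENTORY = {
    "lb1.example.internal": "HA-Proxy version 1.5.3 2014/07/25",
    "lb2.example.internal": "HA-Proxy version 1.5.4 2014/09/02",
    "lb3.example.internal": "HA-Proxy version 1.5-dev22 2014/02/03",
    "lb4.example.internal": "HA-Proxy version 1.5-dev26 2014/05/28",
    "lb5.example.internal": "HA-Proxy version 1.4.25 2014/03/27",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print("upgrade to 1.5.4 or later:", host)
```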
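HAProxy is particularly well suited to very heavily loaded web sites, which usually also need session persistence or layer 7 processing. Running on current hardware, HAProxy can comfortably support tens of thousands of concurrent connections. Its mode of operation also makes it simple and safe to integrate into your existing architecture, while keeping your web servers from being exposed to the network.
The figure below shows the architecture of HAProxy: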