path: root/usr.sbin/hoststated/hoststated.conf.5
Age         Author
    Commit message

2007-10-22  Jason McIntyre
    add missing .Ed;

2007-10-22  Reyk Floeter
    add support for the include directive to the configuration file parser, based on the existing hostapd/pfctl code. ok pyr@

2007-09-28  Pierre-Yves Ritschard
    Correct my mail address.

2007-09-28  Jason McIntyre
    "require to +inf." is not a good verb pattern, so reword;

2007-09-28  Christopher Pascoe
    Add missing "s" to https check description. ok pyr@

2007-09-10  Reyk Floeter
    add support for relaying DNS traffic (with a little bit of packet header randomization). this adds an infrastructure to support UDP-based protocols. ok gilles@, tested by some

2007-09-05  Reyk Floeter
    add my copyright because i added a lot. ok pyr@ (who is the first copyright holder)

2007-09-04  Pierre-Yves Ritschard
    Add the ability to specify a host header when using http(s) check methods. Prodded by me, done by Gille Chehade <veins@evilkittens.org> ok reyk, jmc for the manpage bits.

2007-07-24  Pierre-Yves Ritschard
    Quote digest otherwise it won't be parsed as a string.

2007-05-31  Jason McIntyre
    convert to new .Dd format;

2007-05-29  Reyk Floeter
    add a new check method which allows to run external scripts/programs for custom evaluations. pyr agrees to put it in now but to do some improvements of the timeout handling later.

2007-05-27  Reyk Floeter
    allow to specify table templates in the configuration file and to inherit them from multiple services or relays. this is useful if you want to use a table with the same list of hosts but different ports as specified in the relay or service section. this makes mcbride more happy ok pyr@

2007-04-12  Reyk Floeter
    add a new relay 'path' action to filter the URL path and arguments. ok pyr@

2007-04-10  Reyk Floeter
    sort entity types

2007-03-21  Reyk Floeter
    in addition to the host retry option in tables, add support for the optional connection "retry" to the forward to, service, and nat lookup options. for example, "nat lookup retry 3" is useful when running hoststated as a transparent proxy when connecting to unreliable frontend/backend servers. ok pyr@

2007-03-13  Reyk Floeter
    allow to specify the IP_TTL and IP_MINTTL options for the relays to support the Generalized TTL Security Mechanism (GTSM) according to RFC 3682. this is especially useful with inbound connections and a fixed distance to the backend servers. ok pyr@

2007-03-12  Reyk Floeter
    hoststated.conf is not a program. thanks to Sebastian Reitenbach, closes pr 5409

2007-03-06  Reyk Floeter
    add support for handling simple HTTP cookies (no per-path/domain cookies yet), for example: cookie hash "JSESSIONID" tested by some people ok pyr@

2007-02-27  Jason McIntyre
    replys -> replies;

2007-02-27  Reyk Floeter
    in addition to actions on request headers, allow to define relay actions on response headers (the reply sent by backend HTTP servers). the default and slightly faster relay streaming mode will be used if no actions are defined. for example: response change "Server" to "OpenBSD-hoststated/4.1" ok pyr@

2007-02-27  Reyk Floeter
    manpage clarification for the "change" and "append" relay actions. from Tamas TEVESZ

2007-02-27  Jason McIntyre
    tweaks;

2007-02-26  Pierre-Yves Ritschard
    kill the ``use ssl'' directive for consistency across parser directives. another heads up for testers: you need to change configuration files. ok reyk@

2007-02-26  Reyk Floeter
    sync the documentation with the latest change to require a 'header' keyword for default relay actions. ok pyr@

2007-02-26  Jason McIntyre
    grammar;

2007-02-26  Pierre-Yves Ritschard
    Change the ``virtual ip'' directive to ``virtual host''. You will need to update your configuration files accordingly. "just do it", reyk@

2007-02-26  Reyk Floeter
    re-use the retry value from table host entries for inbound relay connections. the relay will retry to connect to the hosts for the specified number of times. this sounds bad, but is a useful "workaround" for unreliable backend servers...

2007-02-25  Jason McIntyre
    tweaks;

2007-02-24  Reyk Floeter
    disable anonymous DH by default (cipher suite HIGH:!ADH instead of HIGH).

2007-02-24  Reyk Floeter
    disable SSLv2 and use "HIGH" crypto cipher suites by default. suggested by dlg@

2007-02-24  Reyk Floeter
    - allow to specify the SSL cipher suite and the SSL protocols (as required by the PCI DSS)
    - increase the default listen backlog to 10, allow to modify the backlog as a per-protocol tcp option to improve the performance on busy systems (to get less connection failures on heavy load)
    - close the connection if SSL_accept returned an error
    - instead of logging _new_ relay sessions to syslog, log the sessions in relay_close() after they have been _finished_. this will allow to collect some additional information
    - add a new log keyword to log specified header/url entities (useful to track "bad guys" using many session ids or multiple user agents)
    - some minor fixes, manpage bits, and bump the copyright (by some reason, i didn't realize that we already have 2007...).

2007-02-23  Jason McIntyre
    i.e. -> e.g.; ok reyk

2007-02-22  Jason McIntyre
    put `check ssl' in the right place;

2007-02-22  Jason McIntyre
    various language/macro fixes;

2007-02-22  Reyk Floeter
    document the retry option before setting the state to down for hosts in tables.

2007-02-22  Reyk Floeter
    document the new options to manipulate carp demotion counters.

2007-02-22  Reyk Floeter
    Add layer 7 functionality to hoststated used for layer 7 loadbalancing, SSL acceleration, general-purpose TCP relaying, and transparent proxying. see hoststated.conf(5) and my upcoming article on undeadly.org for details. ok to commit deraadt@ pyr@

2007-02-07  Reyk Floeter
    add new "log (updates|all)" configuration option to log state notifications after completed host checks. either only log the "updates" to new states or log "all" state notifications, even if the state didn't change. the log messages will be reported to syslog or to stderr if the daemon is running in foreground mode. ok claudio@ pyr@

2007-01-29  Pierre-Yves Ritschard
    manpage tweaks. advised by and ok jmc@

2007-01-29  Pierre-Yves Ritschard
    Add SSL support to hoststated. with help and OK reyk@ with help and advice by claudio@ and Srebrenko Sehic

2007-01-10  Jason McIntyre
    tweaks;

2007-01-09  Pierre-Yves Ritschard
    Finish renaming hostated to hoststated. Note to testers: the user the daemon changes its id to is now _hoststated, don't forget to update master.passwd. ok reyk@

2007-01-08  Reyk Floeter
    do NOT use the regexp interface. it is way too complicated, error-prone and we don't know about all the possible security problems. change the check send/expect code to use the fnmatch(3) interface using shell globbing rules instead. this allows simple patterns like "220 * ESMTP*" or "SSH-[12].??-*". suggested by deraadt@ and otto@ ok Pierre-Yves Ritschard (pyr at spootnik dot org)

2007-01-08  Reyk Floeter
    ports can be specified by number or by name

2007-01-08  Reyk Floeter
    timeouts must not exceed the global interval

2007-01-08  Reyk Floeter
    add a generic send/expect check using regular expression (see regex(3)). this allows to define additional checks for other TCP protocols. From Pierre-Yves Ritschard (pyr at spootnik dot org)

2007-01-03  Reyk Floeter
    allow the sticky-address option for round-robin pools. From Pierre-Yves Ritschard (pyr at spootnik dot org)

2006-12-25  Reyk Floeter
    the global timeout for checks is specified in milliseconds

2006-12-25  Reyk Floeter
    partial rewrite of the check_* routines to use libevent everywhere instead of nested select() calls and to handle the non-blocking sockets properly. From Pierre-Yves Ritschard (pyr at spootnik dot org) (with a little help by me)

2006-12-19  Jason McIntyre
    sort the various commands; discussed w/ pyr