[DOC] some small spell fixes and unifications
Traditionnally -> Traditionally
preceeded -> preceded
statictics -> statistics
(...)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3c6dd64..87c3442 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -102,7 +102,7 @@
-------------------------------
The HTTP protocol is transaction-driven. This means that each request will lead
-to one and only one response. Traditionnally, a TCP connection is established
+to one and only one response. Traditionally, a TCP connection is established
from the client to the server, a request is sent by the client on the
connection, the server responds and the connection is closed. A new request
will involve a new connection :
@@ -341,14 +341,14 @@
The configuration file syntax consists in lines beginning with a keyword
referenced in this manual, optionally followed by one or several parameters
delimited by spaces. If spaces have to be entered in strings, then they must be
-preceeded by a backslash ('\') to be escaped. Backslashes also have to be
+preceded by a backslash ('\') to be escaped. Backslashes also have to be
escaped by doubling them.
2.2. Time format
----------------
-Some parameters involve values representating time, such as timeouts. These
+Some parameters involve values representing time, such as timeouts. These
values are generally expressed in milliseconds (unless explicitly stated
otherwise) but may be expressed in any other unit by suffixing the unit to the
numeric value. It is important to consider this because it will not be repeated
@@ -480,7 +480,7 @@
Creates a UNIX socket in stream mode at location <path>. Any previously
existing socket will be backed up then replaced. Connections to this socket
- will return various statictics outputs and even allow some commands to be
+ will return various statistics outputs and even allow some commands to be
issued. Please consult section 9.2 "Unix Socket commands" for more details.
An optional "level" parameter can be specified to restrict the nature of
@@ -587,7 +587,7 @@
Disables the use of kernel tcp splicing between sockets on Linux. It is
equivalent to the command line argument "-dS". Data will then be copied
using conventional and more portable recv/send calls. Kernel tcp splicing is
- limited to some very recent instances of kernel 2.6. Most verstions between
+ limited to some very recent instances of kernel 2.6. Most versions between
2.6.25 and 2.6.28 are buggy and will forward corrupted data, so they must not
be used. This option makes it easier to globally disable kernel splicing in
case of doubt. See also "option splice-auto", "option splice-request" and
@@ -689,7 +689,7 @@
Right now, two major proxy modes are supported : "tcp", also known as layer 4,
and "http", also known as layer 7. In layer 4 mode, HAProxy simply forwards
-bidirectionnal traffic between two sides. In layer 7 mode, HAProxy analyzes the
+bidirectional traffic between two sides. In layer 7 mode, HAProxy analyzes the
protocol, and can interact with it by allowing, blocking, switching, adding,
modifying, or removing arbitrary contents in requests or responses, based on
arbitrary criteria.
@@ -999,7 +999,7 @@
number of running servers changing, many clients will be
directed to a different server. This algorithm is generally
used in TCP mode where no cookie may be inserted. It may also
- be used on the Internet to provide a best-effort stickyness
+ be used on the Internet to provide a best-effort stickiness
to clients which refuse session cookies. This algorithm is
static by default, which means that changing a server's
weight on the fly will have no effect, but this can be
@@ -1071,10 +1071,10 @@
hdr(name) The HTTP header <name> will be looked up in each HTTP request.
Just as with the equivalent ACL 'hdr()' function, the header
name in parenthesis is not case sensitive. If the header is
- absent or if it does not contain any value, the round-robin
+ absent or if it does not contain any value, the roundrobin
algorithm is applied instead.
- An optionnal 'use_domain_only' parameter is available, for
+ An optional 'use_domain_only' parameter is available, for
reducing the hash algorithm to the main domain part with some
specific headers such as 'Host'. For instance, in the Host
value "haproxy.1wt.eu", only "1wt" will be considered.
@@ -1091,7 +1091,7 @@
is not case-sensitive. This mechanism is useful as a degraded
persistence mode, as it makes it possible to always send the
same user (or the same session ID) to the same server. If the
- cookie is not found, the normal round-robind algorithm is
+ cookie is not found, the normal roundrobin algorithm is
used instead.
Note that for this to work, the frontend must ensure that an
@@ -1125,7 +1125,7 @@
Note: the following caveats and limitations on using the "check_post"
extension with "url_param" must be considered :
- - all POST requests are eligable for consideration, because there is no way
+ - all POST requests are eligible for consideration, because there is no way
to determine if the parameters will be found in the body or entity which
may contain binary data. Therefore another method may be required to
restrict consideration of POST requests that have no URL parameters in
@@ -1149,7 +1149,7 @@
- This feature does not support generation of a 100, 411 or 501 response.
- In some cases, requesting "check_post" MAY attempt to scan the entire
- contents of a message body. Scaning normally terminates when linear
+ contents of a message body. Scanning normally terminates when linear
white space or control characters are found, indicating the end of what
might be a URL parameter list. This is probably not a concern with SGML
type message bodies.
@@ -1208,7 +1208,7 @@
transparent is an optional keyword which is supported only on certain
Linux kernels. It indicates that the addresses will be bound
even if they do not belong to the local machine. Any packet
- targetting any of these addresses will be caught just as if
+ targeting any of these addresses will be caught just as if
the address was locally configured. This normally requires
that IP forwarding is enabled. Caution! do not use this with
the default address '*', as it would redirect any traffic for
@@ -1344,7 +1344,7 @@
the log format does not change for a given frontend depending on the
backends. This may change in the future. Note that there can be only one
"capture cookie" statement in a frontend. The maximum capture length is
- configured in the souces by default to 64 characters. It is not possible to
+ configured in the sources by default to 64 characters. It is not possible to
specify a capture in a "defaults" section.
Example:
@@ -1376,7 +1376,7 @@
headers will be logged just as an empty string. Common uses for request
header captures include the "Host" field in virtual hosting environments, the
"Content-length" when uploads are supported, "User-agent" to quickly
- differenciate between real users and robots, and "X-Forwarded-For" in proxied
+ differentiate between real users and robots, and "X-Forwarded-For" in proxied
environments to find where the request came from.
Note that when capturing headers such as "User-agent", some spaces may be
@@ -1584,7 +1584,7 @@
See also the "insert" and "nocache" options.
domain This option allows to specify the domain at which a cookie is
- inserted. It requires exactly one paramater: a valid domain
+ inserted. It requires exactly one parameter: a valid domain
name. If the domain begins with a dot, the browser is allowed to
use it for any host ending with that name. It is also possible to
specify several domain names by invoking this option multiple
@@ -1772,7 +1772,7 @@
values when the backend has less than <conns> concurrent connections. This
makes it possible to limit the load on the servers during normal loads, but
push it further for important loads without overloading the servers during
- exceptionnal loads.
+ exceptional loads.
Example :
# The servers will accept between 100 and 1000 concurrent connections each
@@ -1797,7 +1797,7 @@
This may be used to ensure that the services disappear in a certain order.
This was designed so that frontends which are dedicated to monitoring by an
- external equipement fail immediately while other ones remain up for the time
+ external equipment fail immediately while other ones remain up for the time
needed by the equipment to detect the failure.
Note that currently, there is very little benefit in using this parameter,
@@ -2001,7 +2001,7 @@
Arguments :
if <cond> the monitor request will fail if the condition is satisfied,
and will succeed otherwise. The condition should describe a
- combinated test which must induce a failure if all conditions
+ combined test which must induce a failure if all conditions
are met, for instance a low number of servers both in a
backend and its backup.
@@ -2042,7 +2042,7 @@
In TCP mode, any connection coming from a source matching <source> will cause
the connection to be immediately closed without any log. This allows another
- equipement to probe the port and verify that it is still listening, without
+ equipment to probe the port and verify that it is still listening, without
forwarding the connection to a remote server.
In HTTP mode, a connection coming from a source matching <source> will be
@@ -2233,20 +2233,20 @@
option checkcache
no option checkcache
- Analyze all server responses and block requests with cachable cookies
+ Analyze all server responses and block requests with cacheable cookies
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Arguments : none
Some high-level frameworks set application cookies everywhere and do not
always let enough control to the developer to manage how the responses should
- be cached. When a session cookie is returned on a cachable object, there is a
+ be cached. When a session cookie is returned on a cacheable object, there is a
high risk of session crossing or stealing between users traversing the same
caches. In some situations, it is better to block the response than to let
some sensible session information go in the wild.
The option "checkcache" enables deep inspection of all server responses for
- strict compliance with HTTP specification in terms of cachability. It
+ strict compliance with HTTP specification in terms of cacheability. It
carefully checks "Cache-control", "Pragma" and "Set-cookie" headers in server
response to check if there's a risk of caching a cookie on a client-side
proxy. When this option is enabled, the only responses which can be delivered
@@ -2269,7 +2269,7 @@
If a response doesn't respect these requirements, then it will be blocked
just as if it was from an "rspdeny" filter, with an "HTTP 502 bad gateway".
The session state shows "PH--" meaning that the proxy blocked the response
- during headers processing. Additionnaly, an alert will be sent in the logs so
+ during headers processing. Additionally, an alert will be sent in the logs so
that admins are informed that there's something to be fixed.
Due to the high impact on the application, the application should be tested
@@ -2716,7 +2716,7 @@
option nolinger
no option nolinger
- Enable or disable immediate session ressource cleaning after close
+ Enable or disable immediate session resource cleaning after close
May be used in sections: defaults | frontend | listen | backend
yes | yes | yes | yes
Arguments : none
@@ -2915,7 +2915,7 @@
will automatically evaluate the opportunity to use kernel tcp splicing to
forward data between the client and the server, in either direction. Haproxy
uses heuristics to estimate if kernel splicing might improve performance or
- not. Both directions are handled independantly. Note that the heuristics used
+ not. Both directions are handled independently. Note that the heuristics used
are not much aggressive in order to limit excessive use of splicing. This
option requires splicing to be enabled at compile time, and may be globally
disabled with the global option "nosplice". Since splice uses pipes, using it
@@ -3211,7 +3211,7 @@
Note that this only makes sense in a TCP backend, but for this to work, the
frontend must have waited long enough to ensure that an RDP cookie is present
in the request buffer. This is the same requirement as with the "rdp-cookie"
- load-balancing method. Thus it is higly recommended to put all statements in
+ load-balancing method. Thus it is highly recommended to put all statements in
a single "listen" section.
Example :
@@ -4183,7 +4183,7 @@
possible to reach it in the application.
The default URI compiled in haproxy is "/haproxy?stats", but this may be
- changed at build time, so it's better to always explictly specify it here.
+ changed at build time, so it's better to always explicitly specify it here.
It is generally a good idea to include a question mark in the URI so that
intermediate proxies refrain from caching the results. Also, since any string
beginning with the prefix will be accepted as a stats request, the question
@@ -4270,7 +4270,7 @@
order, so that it is possible to build complex rules from them. There is no
specific limit to the number of rules which may be inserted.
- Note that the "if/unless" condition is optionnal. If no condition is set on
+ Note that the "if/unless" condition is optional. If no condition is set on
the action, it is simply performed unconditionally.
If no "tcp-request content" rules are matched, the default action already is
@@ -4296,7 +4296,7 @@
order, so that it is possible to build complex rules from them. There is no
specific limit to the number of rules which may be inserted.
- Note that the "if/unless" condition is optionnal. If no condition is set on
+ Note that the "if/unless" condition is optional. If no condition is set on
the action, it is simply performed unconditionally.
If no "tcp-request content" rules are matched, the default action is set to
@@ -4336,7 +4336,7 @@
Note that when performing content inspection, haproxy will evaluate the whole
rules for every new chunk which gets in, taking into account the fact that
- those data are partial. If no rule matches before the aforementionned delay,
+ those data are partial. If no rule matches before the aforementioned delay,
a last check is performed upon expiration, this time considering that the
contents are definitive. If no delay is set, haproxy will not wait at all
and will immediately apply a verdict based on the available information.
@@ -4635,7 +4635,7 @@
used and a 503 service unavailable response is returned.
Note that it is possible to switch from a TCP frontend to an HTTP backend. In
- this case, etiher the frontend has already checked that the protocol is HTTP,
+ this case, either the frontend has already checked that the protocol is HTTP,
and backend processing will immediately follow, or the backend will wait for
a complete HTTP request to get in. This feature is useful when a frontend
must decode several protocols on a unique port, one of them being HTTP.
@@ -4759,7 +4759,7 @@
the ramp between both values when the backend has less than <fullconn>
concurrent connections. This makes it possible to limit the load on the
server during normal loads, but push it further for important loads without
- overloading the server during exceptionnal loads. See also the "maxconn"
+ overloading the server during exceptional loads. See also the "maxconn"
and "maxqueue" parameters, as well as the "fullconn" backend keyword.
port <port>
@@ -4779,7 +4779,7 @@
that no trailing slash should be used after <prefix>. All invalid requests
will be rejected, and all non-GET or HEAD requests will be normally served by
the server. Note that since the response is completely forged, no header
- mangling nor cookie insertion is possible in the respose. However, cookies in
+ mangling nor cookie insertion is possible in the response. However, cookies in
requests are still analysed, making this solution completely usable to direct
users to a remote location in case of local disaster. Main use consists in
increasing bandwidth for static servers by having the clients directly
@@ -4865,7 +4865,7 @@
rewrite or delete a header, but it will refuse to add a header to any such
messages as this is not HTTP-compliant. The reason for still processing headers
in such responses is to stop and/or fix any possible information leak which may
-happen, for instance because another downstream equipment would inconditionally
+happen, for instance because another downstream equipment would unconditionally
add a header, or if a server name appears there. When such messages are seen,
normal processing still occurs on the next non-informational messages.
@@ -4940,7 +4940,7 @@
on occasional usages, it is possible to gain some space by removing some
useless headers before adding new ones.
- - keywords beginning with "reqi" and "rspi" are the same as their couterpart
+ - keywords beginning with "reqi" and "rspi" are the same as their counterpart
without the 'i' letter except that they ignore case when matching patterns.
- when a request passes through a frontend then a backend, all req* rules
@@ -5212,7 +5212,7 @@
Returns true when the sessions creation rate on the backend matches the
specified values or ranges, in number of new sessions per second. This is
used to switch to an alternate backend when an expensive or fragile one
- reaches too high a session rate, or to limite abuse of service (eg. prevent
+ reaches too high a session rate, or to limit abuse of service (eg. prevent
sucking of an online dictionary).
Example :
@@ -5243,7 +5243,7 @@
req_proto_http
Returns true when data in the request buffer look like HTTP and correctly
parses as such. It is the same parser as the common HTTP request parser which
- is used so there should be no surprizes. This test can be used for instance
+ is used so there should be no surprises. This test can be used for instance
to direct HTTP traffic to a given port and HTTPS traffic to another one
using TCP request content inspection rules.
@@ -5454,7 +5454,7 @@
the values or ranges specified. It is important to remember that one header
line may count as several headers if it has several values. This is used to
detect presence, absence or abuse of a specific header, as well as to block
- request smugling attacks by rejecting requests which contain more than one
+ request smuggling attacks by rejecting requests which contain more than one
of certain headers. See "hdr" for more information on header matching.
hdr_ip <ip_address>
@@ -5487,7 +5487,7 @@
METH_POST method POST match HTTP POST method
METH_TRACE method TRACE match HTTP TRACE method
HTTP_URL_ABS url_reg ^[^/:]*:// match absolute URL with scheme
-HTTP_URL_SLASH url_beg / match URL begining with "/"
+HTTP_URL_SLASH url_beg / match URL beginning with "/"
HTTP_URL_STAR url * match URL equal to "*"
HTTP_CONTENT hdr_val(content-length) gt 0 match an existing content-length
RDP_COOKIE req_rdp_cookie_cnt gt 0 match presence of an RDP cookie
@@ -5506,7 +5506,7 @@
- OR (explicit with the "or" keyword or the "||" operator)
- Negation with the exclamation mark ("!")
-A condition is formed as a disjonctive form :
+A condition is formed as a disjunctive form:
[!]acl1 [!]acl2 ... [!]acln { or [!]acl1 [!]acl2 ... [!]acln } ...
@@ -5547,7 +5547,7 @@
very important for troubleshooting complex environments. Standard information
provided in logs include client ports, TCP/HTTP state timers, precise session
state at termination and precise termination cause, information about decisions
-to direct trafic to a server, and of course the ability to capture arbitrary
+to direct traffic to a server, and of course the ability to capture arbitrary
headers.
In order to improve administrators reactivity, it offers a great transparency
@@ -6199,7 +6199,7 @@
These timers provide precious indications on trouble causes. Since the TCP
protocol defines retransmit delays of 3, 6, 12... seconds, we know for sure
that timers close to multiples of 3s are nearly always related to lost packets
-due to network problems (wires, negociation, congestion). Moreover, if "Tt" is
+due to network problems (wires, negotiation, congestion). Moreover, if "Tt" is
close to a timeout value specified in the configuration, it often means that a
session has been aborted on timeout.
@@ -6440,7 +6440,7 @@
closer to the average reported "Tw" timer, in order not to consume
resources for just a few attackers.
- SC The server or an equipement between it and haproxy explicitly refused
+ SC The server or an equipment between it and haproxy explicitly refused
the TCP connection (the proxy received a TCP RST or an ICMP message
in return). Under some circumstances, it can also be the network
stack telling the proxy that the server is unreachable (eg: no route,
@@ -6459,7 +6459,7 @@
sD The server did not send nor acknowledge any data for as long as the
"timeout server" setting during the data phase. This is often caused
- by too short timeouts on L4 equipements before the server (firewalls,
+ by too short timeouts on L4 equipments before the server (firewalls,
load-balancers, ...), as well as keep-alive sessions maintained
between the client and the server expiring first on haproxy.
@@ -6571,8 +6571,8 @@
section 4.2 for more details.
It is possible to include both request headers and response headers at the same
-time. Non-existant headers are logged as empty strings, and if one header
-appears more than once, only its last occurence will be logged. Request headers
+time. Non-existent headers are logged as empty strings, and if one header
+appears more than once, only its last occurrence will be logged. Request headers
are grouped within braces '{' and '}' in the same order as they were declared,
and delimited with a vertical bar '|' without any space. Response headers
follow the same representation, but are displayed after a space following the
@@ -6658,7 +6658,7 @@
"GET /image.iso HTTP/1.0"
=> request for a long data transfer. The "logasap" option was specified, so
- the log was produced just before transfering data. The server replied in
+ the log was produced just before transferring data. The server replied in
14 ms, 243 bytes of headers were sent to the client, and total time from
accept to first data byte is 30 ms.
@@ -6778,12 +6778,12 @@
L7STS -> layer 7 response error, for example HTTP 5xx
37. check_code: layer5-7 code, if available
38. check_duration: time in ms took to finish last health check
- 39. hrsp_1xx: http responces with 1xx code
- 40. hrsp_2xx: http responces with 2xx code
- 41. hrsp_3xx: http responces with 3xx code
- 42. hrsp_4xx: http responces with 4xx code
- 43. hrsp_5xx: http responces with 5xx code
- 44. hrsp_other: http responces with other codes (protocol error)
+ 39. hrsp_1xx: http responses with 1xx code
+ 40. hrsp_2xx: http responses with 2xx code
+ 41. hrsp_3xx: http responses with 3xx code
+ 42. hrsp_4xx: http responses with 4xx code
+ 43. hrsp_5xx: http responses with 5xx code
+ 44. hrsp_other: http responses with other codes (protocol error)
9.2. Unix Socket commands
@@ -6914,7 +6914,7 @@
which process the stats apply to in multi-process mode. Notice the empty
line after the information output which marks the end of the first block.
A similar empty line appears at the end of the second block (stats) so that
- the reader knows the output has not been trucated.
+ the reader knows the output has not been truncated.
clear counters
Clear the max values of the statistics counters in each proxy (frontend &