/ Zope / Apsis / Pound Mailing List / Archive / 2005 / 2005-10 / ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4

[ << ] [ >> ]

[ When a backend server hangs up... / Martin PAPY ... ] [ How to stop error "error copy server ... ]

ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4
Robert Segall <roseg(at)apsis.ch>
2005-10-20 18:52:46 [ SNIP ]
This is to announce the release of Pound v1.9.4. This is primarily a
feature-enhancement interim release.

Changes in this version:

- the log facility may now be dynamically defined in the configuration
file. New directive: LogFacility name. The autoconf script flag has been
changed from --with-log=name to --enable-log (or disable). Thanks to
Samuel Leucart for the suggestion.

- Pound now removes extra headers whenever there is a conflict between
Content-lentgh and Transfer-encoding. The first header takes precedence,
a single header of this type is allowed, the others are discarded.
Thanks to FX for the suggestion.

The software is at version 1.9.4 (beta quality). Further testing
(especially under heavy loads), improvements and suggestions are
welcome.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4
Robert Segall <roseg(at)apsis.ch>
2005-10-20 18:52:46 [ SNIP ]
This is to announce the release of Pound v1.9.4. This is primarily a
feature-enhancement interim release.

Changes in this version:

- the log facility may now be dynamically defined in the configuration
file. New directive: LogFacility name. The autoconf script flag has been
changed from --with-log=name to --enable-log (or disable). Thanks to
Samuel Leucart for the suggestion.

- Pound now removes extra headers whenever there is a conflict between
Content-lentgh and Transfer-encoding. The first header takes precedence,
a single header of this type is allowed, the others are discarded.
Thanks to FX for the suggestion.

The software is at version 1.9.4 (beta quality). Further testing
(especially under heavy loads), improvements and suggestions are
welcome.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4
Sam Johnston <samjie(at)gmail.com>
2005-10-20 19:36:29 [ SNIP ]
And this is to announce the uploading of pound (1.9.4-1) to Debian
(unstable). You should be able to find it here before long:
ftp://ftp.debian.org/debian/pool/main/p/pound

Kind regards,

Sam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Oct 2005 03:14:24 +1000
Source: pound
Binary: pound
Architecture: source i386
Version: 1.9.4-1
Distribution: unstable
Urgency: low
Maintainer: Sam Johnston <samj(at)aos.net.au>
Changed-By: Sam Johnston <samj(at)aos.net.au>
Description:
 pound      - reverse proxy, load balancer and https front-end for web-servers
Changes:
 pound (1.9.4-1) unstable; urgency=low
 .
   * New upstream release
   * Added LogFacility config file directive
   * HTTP Request Smuggling fix: first of Content-Length and
     Transfer-Encoding takes precedence
Files:
 4f9df964f4662d5cf1c3c525ce290742 670 net extra pound_1.9.4-1.dsc
 c8e8436d6e5ca2407d253ca6899998ba 144505 net extra pound_1.9.4.orig.tar.gz
 9454b554e86fd6c6fb2c1f913e557100 12567 net extra pound_1.9.4-1.diff.gz
 c4556c0631807b4f1c0174842cfc31eb 70798 net extra pound_1.9.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFDV9MrDr1l4TwJPu8RAr0XAJ9LuLRXk2hOUgR7kdIxBnubUdI26QCfUef4
anbF3XsHA3a4hoUpFMlczJ0=
=6B7e
-----END PGP SIGNATURE-----

On 10/20/05, Robert Segall <roseg(at)apsis.ch> wrote:
> This is to announce the release of Pound v1.9.4. This is primarily a
> feature-enhancement interim release.
>
> Changes in this version:
>
> - the log facility may now be dynamically defined in the configuration
> file. New directive: LogFacility name. The autoconf script flag has been
> changed from --with-log=name to --enable-log (or disable). Thanks to
> Samuel Leucart for the suggestion.
>
> - Pound now removes extra headers whenever there is a conflict between
> Content-lentgh and Transfer-encoding. The first header takes precedence,
> a single header of this type is allowed, the others are discarded.
> Thanks to FX for the suggestion.
>
> The software is at version 1.9.4 (beta quality). Further testing
> (especially under heavy loads), improvements and suggestions are
> welcome.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
>
>
> --
> To unsubscribe send an email with subject 'unsubscribe' to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer
>

Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4
FX <gentoo(at)sbcglobal.net>
2005-10-21 04:01:30 [ SNIP ]
Sam Johnston wrote:

>And this is to announce the uploading of pound (1.9.4-1) to Debian
>(unstable). You should be able to find it here before long:
>ftp://ftp.debian.org/debian/pool/main/p/pound
>
>Kind regards,
>
>Sam
>
>  
>
Sam,

That has got to be one of the fastest uploads to Debian I've seen for 
any package.

Very much appreciated! 


ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-29 18:24:13 [ SNIP ]
This is to announce the release of Pound v2.0b1. This is an experimental
interim release.

Changes in this version:

- new configuration file syntax, offering significant improvements.

- the ability to define listener-specific back-ends. In most cases this
should eliminate the need for multiple Pound instances.

- a new type of back-end: the redirector allows you to respond with a
redirect without involving any back-end server.

- most "secondary" properties (such as error messages, client time-out,
etc.) are now private to listeners.

The software is at version 2.0b1 (alpha-ish quality). A lot of testing
(especially under heavy loads and complex configurations), improvements
and suggestions are welcome.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
"Eric dai" <daibaoming(at)gmail.com>
2005-10-30 06:53:16 [ SNIP ]
Suggestion as below:
1) add separately CRLfiles setting ,currently ,CRL files is a part of verify
files , This is not good for somecase
2) currently ,we can use more LisentHTTPS  but all of them share a commom
setting of Http_headers
   Suggest each LisentHTTPS have their own cert ,CAfiles ,Verfify files ,and
CRL files
3)  add verify path setting  
4) add CRL auto update from LDAP (RFC 2587) or OCSP support
5) SSL session cache support like modssl
6) allow use redirect to spcified URL with SSL-errorcode when SSL verify fails 
7) for https header inserted , use a mask to select if we need insert
CN/After/Validation before ....
  also have a option to insert the client X509 cert with single-line or
multi-lins format


thanks and best regards
    Eric
----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Sunday, October 30, 2005 12:24 AM
Subject: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer
- v2.0b1


> This is to announce the release of Pound v2.0b1. This is an experimental
> interim release.
> 
> Changes in this version:
> 
> - new configuration file syntax, offering significant improvements.
> 
> - the ability to define listener-specific back-ends. In most cases this
> should eliminate the need for multiple Pound instances.
> 
> - a new type of back-end: the redirector allows you to respond with a
> redirect without involving any back-end server.
> 
> - most "secondary" properties (such as error messages, client time-out,
> etc.) are now private to listeners.
> 
> The software is at version 2.0b1 (alpha-ish quality). A lot of testing
> (especially under heavy loads and complex configurations), improvements
> and suggestions are welcome.
> -- 
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 
> -- 
> To unsubscribe send an email with subject 'unsubscribe' to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer

Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
"Eric dai" <daibaoming(at)gmail.com>
2005-10-30 07:04:24 [ SNIP ]
pls add SSL session cache and Compress feature


----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Sunday, October 30, 2005 12:24 AM
Subject: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer
- v2.0b1


> This is to announce the release of Pound v2.0b1. This is an experimental
> interim release.
> 
> Changes in this version:
> 
> - new configuration file syntax, offering significant improvements.
> 
> - the ability to define listener-specific back-ends. In most cases this
> should eliminate the need for multiple Pound instances.
> 
> - a new type of back-end: the redirector allows you to respond with a
> redirect without involving any back-end server.
> 
> - most "secondary" properties (such as error messages, client time-out,
> etc.) are now private to listeners.
> 
> The software is at version 2.0b1 (alpha-ish quality). A lot of testing
> (especially under heavy loads and complex configurations), improvements
> and suggestions are welcome.
> -- 
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 
> -- 
> To unsubscribe send an email with subject 'unsubscribe' to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer

Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
FX <gentoo(at)sbcglobal.net>
2005-10-30 08:58:26 [ SNIP ]
Robert Segall wrote:

>This is to announce the release of Pound v2.0b1. This is an experimental
>interim release.
>
>Changes in this version:
>
>- new configuration file syntax, offering significant improvements.
>
>- the ability to define listener-specific back-ends. In most cases this
>should eliminate the need for multiple Pound instances.
>
>- a new type of back-end: the redirector allows you to respond with a
>redirect without involving any back-end server.
>
>- most "secondary" properties (such as error messages, client time-out,
>etc.) are now private to listeners.
>
>The software is at version 2.0b1 (alpha-ish quality). A lot of testing
>(especially under heavy loads and complex configurations), improvements
>and suggestions are welcome.
>  
>

0. A non-beta release of 1.9.x that is officially blessed as 
production-ready to

1.  I found the "conditional configuration" syntax of Lighttpd very 
intuitive and hope the new 2.0 syntax is similar.
http://www.lighttpd.net/documentation/configuration.html

2.  3rd-party plugin/filter ability even if its at the source-code level 
(as long as the interface/API is simple).

3.  A port of mod_evasive into pound-1.9.x or 2.0 so that we can deal 
with http(s)-specific denial-of-service attacks such as 
scripted/repeated requests--it will prevent undesirable traffic reaching 
the backend servers.  There is no way to catch this using firewalls 
because they cannot parse HTTPS info--this is a perfect task for pound 
especially if it is handling SSL for backends.

4.  Ability to easily convert snort or mod_security rules into pound 
configuration to filter out undesirable http requests and expoits.



Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Conny Brunnkvist <conny(at)fuchsia.se>
2005-10-31 10:04:36 [ SNIP ]
30 okt 2005 kl. 08.58 skrev FX:
>
> 0. A non-beta release of 1.9.x that is officially blessed as  
> production-ready to
>
> 1.  I found the "conditional configuration" syntax of Lighttpd very  
> intuitive and hope the new 2.0 syntax is similar.
> http://www.lighttpd.net/documentation/configuration.html
>

Speaking of which - I've been evaluating lighttpd for a couple of  
tasks recently. One part about lighttpd that I find very appealing is  
their test suite, written in Perl.

I've played with the thought of building a similar test framework for  
Pound, perhaps using a model similar to LightyTest. Highly useful for  
a program like Pound to ensure consistent behaviour between releases.

So consider that half a feature request ;-)

//conny


RE: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
"Joe Gooch" <mrwizard(at)k12system.com>
2005-10-31 16:48:41 [ SNIP ]
Instead of having the Redirect URL be a static URL....  I think it would
be nicer to have it be a Regexp replacement string.

For instance... a modified example from the web page.  I currently do
this in my backend coldfusion pages based on X-SSL headers:

ListenHTTP
    Address 123.123.123.123
    Port 80

    Service
        URL "^/(.*)$"
	  Redirect	"https://pound.host/$1"
    End
End

ListenHTTPS
    Address 123.123.123.123
    Port 443
    Cert "/etc/ssl/pound/pound.pem"
End

Service
 ... global backend setup


Thus it's very easy to turn a site into a SSL only site.

Or, you could set the index.html to be non-ssl capable but any other
would redirect.  (based on the ListenHTTP private services)

Or, you could redirect urls with forbidden in it to an error page with
the old url path passed as a URL variable.  A la...

URL "^(/forbidden.*)"
Redirect "https://pound.host/errors/forbidden_error.php?orig_path=$1"

I don't really mind if it's perl style $1 or sed style \1.

It could even be a Redirect directive for static redirects and a
RedirectRegexp directive for regex-style.

Also, the man page switches back and forth between Service and Server in
the examples... should probably look at that. :)

Joe

> -----Original Message-----
> From: Robert Segall [mailto:roseg(at)apsis.ch]
> Sent: Saturday, October 29, 2005 12:24 PM
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load
> balancer - v2.0b1
> 
> This is to announce the release of Pound v2.0b1. This is an
experimental
> interim release.
> 
> Changes in this version:
> 
> - new configuration file syntax, offering significant improvements.
> 
> - the ability to define listener-specific back-ends. In most cases
this
> should eliminate the need for multiple Pound instances.
> 
> - a new type of back-end: the redirector allows you to respond with a
> redirect without involving any back-end server.
> 
> - most "secondary" properties (such as error messages, client
time-out,
> etc.) are now private to listeners.
> 
> The software is at version 2.0b1 (alpha-ish quality). A lot of testing
> (especially under heavy loads and complex configurations),
improvements
> and suggestions are welcome.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 
> --
> To unsubscribe send an email with subject 'unsubscribe' to
pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer

Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Steven Van Acker <deepstar(at)ulyssis.org>
2005-10-31 16:50:40 [ SNIP ]
On Sat, Oct 29, 2005 at 06:24:13PM +0200, Robert Segall wrote:
> This is to announce the release of Pound v2.0b1. This is an experimental
> interim release.
> 
> Changes in this version:
> 
> - new configuration file syntax, offering significant improvements.

Hello,

have you considered using (f)lex/yacc/bison instead of regex for configuration
file
processing ?

greets,
-- Steven

> 
> - the ability to define listener-specific back-ends. In most cases this
> should eliminate the need for multiple Pound instances.
> 
> - a new type of back-end: the redirector allows you to respond with a
> redirect without involving any back-end server.
> 
> - most "secondary" properties (such as error messages, client time-out,
> etc.) are now private to listeners.
> 
> The software is at version 2.0b1 (alpha-ish quality). A lot of testing
> (especially under heavy loads and complex configurations), improvements
> and suggestions are welcome.
> -- 
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 
> -- 
> To unsubscribe send an email with subject 'unsubscribe' to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer

RE: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:09:05 [ SNIP ]
On Mon, 2005-10-31 at 10:48 -0500, Joe Gooch wrote:
> Instead of having the Redirect URL be a static URL....  I think it would
> be nicer to have it be a Regexp replacement string.

This may happen yet, but for the moment I try to keep it as simple as
possible. Once we are past the 2.0 hurdle we'll revisit that.

Right now we try to keep it as close to the 1.x code-base as possible.
The only enhancements are those inherent in the new syntax.

> Also, the man page switches back and forth between Service and Server in
> the examples... should probably look at that. :)

Thanks, that will be fixed in 2.0b2.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:11:17 [ SNIP ]
On Mon, 2005-10-31 at 10:04 +0100, Conny Brunnkvist wrote:
> Speaking of which - I've been evaluating lighttpd for a couple of  
> tasks recently. One part about lighttpd that I find very appealing is  
> their test suite, written in Perl.
> 
> I've played with the thought of building a similar test framework for  
> Pound, perhaps using a model similar to LightyTest. Highly useful for  
> a program like Pound to ensure consistent behaviour between releases.
> 
> So consider that half a feature request ;-)

I'd much rather consider a code offer...
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:16:39 [ SNIP ]
On Sun, 2005-10-30 at 01:58 -0600, FX wrote:
> 0. A non-beta release of 1.9.x that is officially blessed as 
> production-ready to

Please consider 1.9.4 to be officially blessed (just call me Benedict).

> 1.  I found the "conditional configuration" syntax of Lighttpd very 
> intuitive and hope the new 2.0 syntax is similar.
> http://www.lighttpd.net/documentation/configuration.html

Read the man page. Each of us has his own preferences as to style. The
real question is: is it any more expressive?

> 2.  3rd-party plugin/filter ability even if its at the source-code level 
> (as long as the interface/API is simple).
> 
> 3.  A port of mod_evasive into pound-1.9.x or 2.0 so that we can deal 
> with http(s)-specific denial-of-service attacks such as 
> scripted/repeated requests--it will prevent undesirable traffic reaching 
> the backend servers.  There is no way to catch this using firewalls 
> because they cannot parse HTTPS info--this is a perfect task for pound 
> especially if it is handling SSL for backends.
> 
> 4.  Ability to easily convert snort or mod_security rules into pound 
> configuration to filter out undesirable http requests and expoits.

This are certainly interesting suggestions - we'll gladly consider code
offers once we have a stable 2.0. If you look at the 2.0b1 code you may
notice that it contains quite a bit of "infrastructure" with a view
towards future enhancements.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:17:10 [ SNIP ]
On Sun, 2005-10-30 at 14:04 +0800, Eric dai wrote:
> pls add SSL session cache and Compress feature

Why?
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:25:27 [ SNIP ]
On Sun, 2005-10-30 at 13:53 +0800, Eric dai wrote:
> Suggestion as below:
> 1) add separately CRLfiles setting ,currently ,CRL files is a part of verify
files , This is not good for somecase

Why?

> 2) currently ,we can use more LisentHTTPS  but all of them share a commom
setting of Http_headers
>    Suggest each LisentHTTPS have their own cert ,CAfiles ,Verfify files ,and
CRL files

Have you even looked at 2.0b1?

> 3)  add verify path setting  
> 4) add CRL auto update from LDAP (RFC 2587) or OCSP support
> 5) SSL session cache support like modssl
> 6) allow use redirect to spcified URL with SSL-errorcode when SSL verify
fails 
> 7) for https header inserted , use a mask to select if we need insert
CN/After/Validation before ....
>   also have a option to insert the client X509 cert with single-line or
multi-lins format

Please try to slow down for a moment and consider if your suggestions
are really necessary (do they add anything to the program), and if they
make sense. Are your suggestions based just on seeing the same features
in other systems, or can you show us a real need for them? Is it worth
the effort and extra complexity?
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
Robert Segall <roseg(at)apsis.ch>
2005-10-31 17:36:34 [ SNIP ]
On Mon, 2005-10-31 at 16:50 +0100, Steven Van Acker wrote:
> Hello,
> 
> have you considered using (f)lex/yacc/bison instead of regex for
configuration file
> processing ?

Certainly. Decided it isn't worth the extra weight. For your info: I
worked on compiler and interpreter development in the past, so I know
quite well what's involved.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


RE: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer - v2.0b1
"Joe Gooch" <mrwizard(at)k12system.com>
2005-10-31 19:08:23 [ SNIP ]
Similarly, while the Lighttpd config file looks really cool, it seems to
me like something that would be easy to implement in perl, but not a
whole lot of fun in C.

I *LIKE* it... but... I certainly wouldn't want to implement it. :)

Speaking of yacc, guess what lighttpd uses... :-D

Joe

> -----Original Message-----
> From: Robert Segall [mailto:roseg(at)apsis.ch]
> Sent: Monday, October 31, 2005 11:37 AM
> To: pound(at)apsis.ch
> Subject: Re: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and
load
> balancer - v2.0b1
> 
> On Mon, 2005-10-31 at 16:50 +0100, Steven Van Acker wrote:
> > Hello,
> >
> > have you considered using (f)lex/yacc/bison instead of regex for
> configuration file
> > processing ?
> 
> Certainly. Decided it isn't worth the extra weight. For your info: I
> worked on compiler and interpreter development in the past, so I know
> quite well what's involved.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 
> --
> To unsubscribe send an email with subject 'unsubscribe' to
pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/manage_mailboxer

MailBoxer