Hi, Please see interleaved below,
On 2 February 2011 10:43, Amit Nigam <amitni...@gobindas.in> wrote: > Hi, > > We need to capture service providers gateway IP in order to determine the > service provider of the user. For this we are using option forwardfor. When > we access from our network we get correct public IP of the network in > x-forwarded-for. But when a user accesses we get his gateway server’s > private IP in x-forwarded-for. However haproxy logs correct source ip > (public). Cant we get same IP as source IP forwarded? > > We are using 1.4.10 > > haproxy logs: > > Feb 2 15:07:44 lb1 haproxy[15014]: 203.145.131.164:48167 > [02/Feb/2011:15:07:44.285] http_proxy http_proxy/Waptc2 0/0/1/220/234 200 > 10620 …… > > > > Backend Server log showing x-forwarded-for: > > x-forwarded-for 10.149.137.76 > Just to clarify: You want: 203.145.131.164 to appear in the Backend Server Log? What backend are you using? Is it Tomcat by any chance? If it is, upgrade to 6.0.30 or the latest 7.x. Your problem is fixed in that version (its due to a bug in the way Tomcat processes the X-Forwarded-For header, now fixed). If not... Its almost certainly a problem with the way your backend handles multiple X-Fowarded-For headers. HAproxy adds its own X-Forwarded-For header _after_ any existing X-Forwarded-For headers. According to the specification for X-Forwarded-For, multiple headers should be treated as if they were concatenated strings in the order they appear in the header list. Most likely your backend does not do this correctly. A work-around is to use an different header name (not X-Forwarded-For) in HAproxy and your backend. Hope this helps. > Thanks, > > Amit -- Best Regards, Brett Delle Grazie
