Habeeb, given your Apache does actually insert/append an X-Forwarded-For header you can use this statement instead of balance source in HAProxy:
balance hdr(X-Forwarded-For) This has a few caveats you should be aware. Users can set the X-Forwarded-Header themselves (which is done by some upstream proxies). Most forwarders (HAProxy included) just append their IP to the list by default. I don't know how Apache can be configured, but you should try to delete and upstream X-Forwarded-For headers and just include the IP of the last visible source to avoid users messing with the balancing. Hope that helps, Holger On 09.06.2011 15:54, habeeb rahman wrote: > James, > > Thanks for your points. Rewrite rule was set up by some other guys and > is being used for some time now and works well with round robin. > Anyhow I will look at mod_proxy in detail. Not sure how SSL termination > can be done with it and moreover how haproxy gonna balance based on > client IP. Any insight? > > Anyone else has any thoughts or insights to share? > > -Habeeb > > On Thu, Jun 9, 2011 at 7:11 PM, James Bardin <jbar...@bu.edu > <mailto:jbar...@bu.edu>> wrote: > > On Thu, Jun 9, 2011 at 7:33 AM, habeeb rahman <pk.h...@gmail.com > <mailto:pk.h...@gmail.com>> wrote: > > > apache rewrite rule: > > RewriteRule ^/(.*)$ http://127.0.0.1:2443%{REQUEST_URI} [P,QSA,L] > > > Why are you using a rewrite instead of mod_proxy? > ProxyPass does some nice things by default, like adding the > X-Forwarded-For header which will provide the address of the client. > Otherwise, you will need to do this manually with rewrite rules. > > -jim > >
