On 24 October 2011 11:42, Iceskysl <icesk...@gmail.com> wrote: > I’m testing a new web server setup which is having a couple of issues. > Essentially, we have a web server, where the code uses the remote IP for > some interesting things, and also some apache directories secured down to > some certain IP’s (our office etc). > > However, we’ve just chucked this behind ha_proxy so we can look at adding > some more app servers, but now the remote IP is always coming through as the > proxy ip(127.0.0.1), not the real remote user. This means we can’t get to > some locations, and our app is behaving a little oddly where user IP is > important.
There are 3 popular ways of tackling this that I can think of. 1. Use Apache's mod_rpaf (http://stderr.net/apache/rpaf/), which lets you take the client IP in the X-Forwarded-For header and treat it as the client IP. To do this you need to have "option forwardfor" in your HAproxy configuration. 2. Add the X-Forwarded-For header as before using "option forwardfor", and change your application to look at that header instead of the client IP. 3. Use HAproxy in transparent mode, which has its own config requirements, but honestly I'm not 100% clear on what they are as I've never gone this route. Graeme.
