Hey Wei Kong,

You're probably using "*option forwardfor <http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor>*" right?

Think a second about how that option works:
- HAProxyB receives a connection from the Client IP, and adds a header in the http traffic telling X-Forwarded-For:c.l.i.ent
- Then HAProxyA receives a connection from HAProxyB, and adds another X-Forwarded-For:b.b.b.b header.
- Now Nginx receives the connection from HAProxyA and the message might contain 2 X-Forwarded-For headers, of which only the last header is used (as it should be).

So now you know why it happens (if my assumptions are correct), the solution is simple: don't let HAProxyA add another X-Forwarded-For header when HAProxyB makes the connection.

So either:
- remove the option from HAProxyA
- configure an 'except <network>' on HAProxyA

Or possibly this might also work:
- use send-proxy and accept-proxy for the connection between HAProxyB and HAProxyA

PiBa-NL

On 25-4-2013 19:29, Wei Kong wrote:
Hi,

We have an haproxy (A) in front of nginx and it has been working great and we can get the client ip without any problem

HAProxy A -> Nginx

Recently we added another haproxy (B) in front of the first haproxy (A), from that point on, we noticed that the client IP becomes the new haproxy's (HAProxy B) ip instead.


HAProxy B (new one) -> HAProxy A -> Nginx

Is there a known issue passing client ip through more than one haproxy?

Wei
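
The options suggested in the reply above, written out as configuration. This is an added example, not part of the original thread; the 192.0.2.x addresses, section names and server names are constructed placeholders for HAProxy B (192.0.2.10), HAProxy A (192.0.2.20) and Nginx (192.0.2.30).

```haproxy
# ===== haproxy.cfg on HAProxy B (new, outer proxy) =====
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_outer
    bind :80
    # B sees the real client, so B is the one that records it:
    # X-Forwarded-For: <client ip>
    option forwardfor
    default_backend be_haproxy_a

backend be_haproxy_a
    server haproxy_a 192.0.2.20:80
    # PROXY protocol variant: replace the line above with
    #   server haproxy_a 192.0.2.20:80 send-proxy

# ===== haproxy.cfg on HAProxy A (inner proxy, in front of Nginx) =====
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_inner
    bind :80
    # 'except' variant: do not append another X-Forwarded-For when the
    # connection comes from HAProxy B, so B's header stays the last one.
    # Connections from any other source still get the header added.
    option forwardfor except 192.0.2.10
    # PROXY protocol variant: replace the bind line above with
    #   bind :80 accept-proxy
    # and use a plain 'option forwardfor'. A then learns the client
    # address from B's PROXY header and writes that address itself.
    # accept-proxy expects the PROXY header on every connection to this
    # bind, so only HAProxy B should be able to reach it.
    default_backend be_nginx

backend be_nginx
    server nginx1 192.0.2.30:80
```

With either variant, the last X-Forwarded-For header that reaches Nginx carries the client address instead of HAProxy B's.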
