On 4/25/13 2:12 PM, PiBa-NL wrote:
Hey Wei Kong,
Your probably using "*option forwardfor
<http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor>*"
right?
Think a second about how that option works:
- HAProxyB recieves a connection from the Client IP, and adds a header
in the http traffic telling X-Forwarded-For:c.l.i.ent
- Then HAProxyA recieves a connection from HAProxyB, and adds another
X-Forwarded-For:b.b.b.b header..
- Now Nginx recieves the connection from HAProxyA and the message
might contains 2 X-Forwarded-For headers, of which only the last
header is used (as it should be).
Is this really what HAProxy does? Didn't test it yet, but most other
reverse proxies just append IPs to the X-Forwarded-For header.
First proxy:
X-Forwarded-For: 1.1.1.1
Second proxy
X-Forwarded-For: 1.1.1.1, 2.2.2.2
David