On Wed, May 21, 2014 at 2:29 PM, Jürgen Haas <juer...@paragon-es.de> wrote:
> Hi there,
>
> I'm having some issues with the forward-for feature. It seems to be
> working in general but for some reason not consistently. My default
> section in the config file looks like this:
>
> defaults
>     log global
>     mode http
>     option httplog
>     option dontlognull
>     option forwardfor
>     retries 3
>     maxconn 1000
>     timeout connect 5000ms
>     timeout client 120s
>     timeout server 120s
>     default_backend backend_ts1
>
> The apache config files on all web servers are configured so that they
> use the X-Forwarded-For header field if available:
>
> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" proxy
> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
> CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
> CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
>
> However, a lot of requests still get logged with the IP address of the
> proxy instead of the original client.
>
> We are using HA-Proxy version 1.5-dev19 2013/06/17 and I wonder if
> anyone had an idea what the reason for that could be.
>
It's been some time since I last looked at the code; but I reckon it would be the same issue I came across some time back. Do a dump on the traffic to be sure.

The RFC allows for headers with multiple values to either be represented as repeated headers, each with one value, or as a single header, with all of the values separated by commas. In either case, your backend has to be capable / smart enough to be able to deal with the 2 formats.

-jf

--
He who settles on the idea of the intelligent man as a static entity only shows himself to be a fool.

Mensan / Full-Stack Technical Polymath / System Administrator
12 years over the entire web stack: Performance, Sysadmin, Ruby and Frontend
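Added example, not part of the original thread: a small Python sketch of a backend-side parser that treats the two X-Forwarded-For representations described in the reply identically, then picks the address to log by walking the chain from the nearest hop and stopping at the first host that is not a known proxy. The function names, the trusted proxy address 10.0.0.5 and the sample headers are assumptions constructed for illustration.

```python
import ipaddress

def forwarded_chain(headers):
    """Return every X-Forwarded-For entry in wire order.

    `headers` is a list of (name, value) pairs as received, so a repeated
    header shows up as several pairs and a comma-joined one as a single pair.
    Entries that are not IP addresses become None so positions are preserved.
    """
    chain = []
    for name, value in headers:
        if name.strip().lower() != "x-forwarded-for":
            continue
        for item in value.split(","):
            item = item.strip()
            if not item:
                continue
            try:
                chain.append(str(ipaddress.ip_address(item)))
            except ValueError:
                chain.append(None)
    return chain

def client_ip(headers, peer, trusted):
    """Address to log: the nearest hop that was not reported by a trusted proxy."""
    candidate = peer
    for addr in reversed(forwarded_chain(headers)):
        if candidate not in trusted:
            break  # this entry came from a host we do not control
        if addr is None:
            break  # unparseable entry: stay on the last verified hop
        candidate = addr
    return candidate

# Constructed sample input (hypothetical addresses from documentation ranges).
TRUSTED = {"10.0.0.5"}  # assumed address of the load balancer
REPEATED = [("Host", "example.test"),
            ("X-Forwarded-For", "198.51.100.9"),  # sent by the client side
            ("X-Forwarded-For", "203.0.113.7")]   # appended by the proxy
FOLDED = [("Host", "example.test"),
          ("X-Forwarded-For", "198.51.100.9, 203.0.113.7")]

if __name__ == "__main__":
    for sample in (REPEATED, FOLDED):
        print(forwarded_chain(sample), client_ip(sample, "10.0.0.5", TRUSTED))
```

Because only entries reported by a trusted proxy are followed, a value the client placed in the header itself never replaces the address the proxy observed.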