On Wed, May 21, 2014 at 2:29 PM, Jürgen Haas <juer...@paragon-es.de> wrote:
> Hi there,
>
> I'm having some issues with the forward-for feature. It seems to be
> working in general but for some reason not consistently. My default
> section in the config file looks like this:
>
> defaults
>   log global
>   mode http
>   option httplog
>   option dontlognull
>   option forwardfor
>   retries  3
>   maxconn 1000
>   timeout connect 5000ms
>   timeout client 120s
>   timeout server 120s
>   default_backend backend_ts1
>
> The apache config files on all web servers are configured so that they
> use the X-Forwarded-For header field if available:
>
>         LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
>         SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
>         CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
>         CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
>
> However, a lot of requests still get logged with the IP address of the
> proxy instead of the original client.
>
> We are using HA-Proxy version 1.5-dev19 2013/06/17 and I wonder if
> anyone had an idea what the reason for that could be.
>


It's been some time since I last looked at the code; but I reckon it
would be the same issue I came across some time back. Do a dump on the
traffic to be sure. The RFC allows for headers with multiple values to
either be represented as repeated headers, each with one value, or as
a single header, with all of the values separated by commas. In either
case, your backend has to be capable / smart enough to be able to deal
with the 2 formats.

-jf

--
He who settles on the idea of the intelligent man as a static entity
only shows himself to be a fool.

Mensan / Full-Stack Technical Polymath / System Administrator
12 years over the entire web stack: Performance, Sysadmin, Ruby and Frontend
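
As an added example (not part of the thread, and not HAProxy or Apache code): Python that a backend could use to read X-Forwarded-For in both forms the reply describes, repeated headers and a single comma-separated header, and then pick the right-most address that is not one of its own proxies. The `TRUSTED_PROXIES` network, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the network our own proxies live in (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def forwarded_chain(headers):
    """Flatten all X-Forwarded-For values, in order, from (name, value) pairs.

    Accepts repeated header lines, one comma-separated line, or a mix.
    """
    chain = []
    for name, value in headers:
        if name.strip().lower() != "x-forwarded-for":
            continue
        chain.extend(v.strip() for v in value.split(",") if v.strip())
    return chain


def client_address(headers, peer):
    """Walk right to left from the TCP peer; return the first untrusted hop.

    Entries left of that hop were supplied by the client and are ignored.
    """
    nearest = peer
    for addr in reversed(forwarded_chain(headers) + [peer]):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return nearest  # unparseable entry: stop at the last valid hop
        nearest = addr
        if not any(ip in net for net in TRUSTED_PROXIES):
            return addr
    return nearest  # every hop was one of our proxies


# Constructed sample requests: same values, two encodings.
REPEATED = [("Host", "example.test"),
            ("X-Forwarded-For", "198.51.100.7"),
            ("X-Forwarded-For", "203.0.113.9")]
COMBINED = [("Host", "example.test"),
            ("x-forwarded-for", "198.51.100.7, 203.0.113.9")]

if __name__ == "__main__":
    for hdrs in (REPEATED, COMBINED):
        print(forwarded_chain(hdrs), client_address(hdrs, "10.0.0.5"))
```

Both encodings yield the same chain, and a request arriving from a peer outside `TRUSTED_PROXIES` is attributed to that peer regardless of what the header claims.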
