Hi Kobus, You might look into if Zeus/Stingray can do this with their rules, as it looks like F5 can:
https://devcentral.f5.com/articles/accessing-tcp-options-from-irules HAProxy is my first choice normally, but for situations like yours I'd take a look at Zeus/Stingray ZXTM (since it's deployable on a standard server). I suspect if F5 can do it so can Zeus with their rules. -J Sent via iPhone > On Jul 25, 2014, at 6:47, Nenad Merdanovic <ni...@nimzo.info> wrote: > > Hello Kobus, > >> On 07/25/2014 01:38 PM, Kobus Bensch wrote: >> Hi >> >> We use HAProxy extensively and until a few days ago, had no problem with >> capturing the IP address of clients in X-Forward-IP portion of the >> HAproxy config. >> >> We have now, due to requirements in other countries, taken a service >> with a CDN provider. As the specific service is required to be PCI >> compliant, the only way they can provide us with the client IP address >> is to put it in the TCP option header 22. The last 32 bits of this >> header will contain the client IP address in HEX format. >> >> How, if at all possible, can this be transferred from this header into >> the X-Forward-For header on HAProxy so we can capture it in our >> application for further analysis in our back end systems? >> >> We use HAProxy 1.5.1, soon to be 1.5.2 on Centos 6.5. Our HAProxy sits >> in front of Apache HTTPD. > > Sadly, this isn't possible (actually it is possible, but not from > userland) as described here: > http://marc.info/?l=haproxy&m=139945650506607&w=2 > >> >> Thanks in advance >> >> Kobus >> >> Trustpay Global Limited is an authorised Electronic Money Institution >> regulated by the Financial Conduct Authority registration number 900043. >> Company No 07427913 Registered in England and Wales with registered >> address 130 Wood Street, London, EC2V 6DL, United Kingdom. >> >> For further details please visit our website at www.trustpayglobal.com >> <http://www.trustpayglobal.com>. >> >> The information in this email and any attachments are confidential and >> remain the property of Trustpay Global Ltd unless agreed by contract. It >> is intended solely for the person to whom or the entity to which it is >> addressed. If you are not the intended recipient you may not use, >> disclose, copy, distribute, print or rely on the content of this email >> or its attachments. If this email has been received by you in error >> please advise the sender and delete the email from your system. Trustpay >> Global Ltd does not accept any liability for any personal view expressed >> in this message. > > Regards, > -- > Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info > Linkedin: http://www.linkedin.com/in/nenadmerdanovic >
