On 1/20/2015 6:12 AM, Thomas Heil wrote:
On 20.01.2015 03:26, Shawn Heisey wrote:
When haproxy is run in TPROXY mode, does it lose any functionality, or can
I do all the same things as I can when it's acting in normal proxy mode?
I'd like to have my servers see the real source ip but still have the
ability to make decisions based on HTTP headers and manipulate those
headers.
No you are not loosing any functionality when running in http mode.
This is not very clear. It seems to be saying that I can still do ACLs
and header mangling, but you mention http mode, when I was asking about
tproxy.
To be clear: I'd like to try tproxy so that my servers will see the true
source IP, but still be able to use ACLs and change the HTTP headers.
If enabling iptables is necessary for tproxy (which it seems to be), how
to I additionally tell iptables that I do not want to block any traffic?
My haproxy server currently is not running a firewall, because it just
gets in the way.
Thanks,
Shawn
