Hello Willy, ----- On 17 May, 2015, at 14:16, Willy Tarreau w...@1wt.eu wrote:
> Hello Phil, > > On Tue, May 12, 2015 at 07:54:35AM +0100, Phil Daws wrote: > (...) >> the issue is that if I go to the web site via HTTPS, which does not pass >> through a CDN, then the correct client IP is being passed through but if I go >> via HTTP its the CDN's IP which is being presented. When I was using >> real_ip_header x-forward-for then it would work fine, but that broke the >> HTTPS side of things. Some how need to get the x-forward-for IP, if its >> present, into the proxy_protol one. Is that possible ? > > For now I don't see how to do this. While it is possible to spoof > the original IP address extracted from the x-forwarded-for header, > I'm not seeing a way to do that for proxy-proto. In fact we could > imagine to have an http-request rule to replace the incoming > connections's source with something extracted from a header, that > would solve most use cases I think. > > Regards, > Willy I believe a rule for performing a replacement would be very good indeed. While Nenad has suggested using two NGINX server, which is also a good idea, it would provide great flexibility if this were able to be done within HAP. Regards, Phil (null) (null)