Hi Thierry,

If I understand your proposition, my settings should be like this:

-> RP settings (no change)

# Frontend
frontend http_test
bind xx.xx.xx.xx:42
capture request header Host len 200

# ACL
acl acl_test src 12.34.56.78 (IP client)
use_backend test if acl_test

# Backend
backend test
server srv_ test test.maycompany.local:42 check

-> LB settings
# Frontend
frontend http_test
bind xx.xx.xx.xx:42
capture request header Host len 200

# ACL (new acl setting)
acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78
use_backend test if acl_test

# Backend
backend test
balance roundrobin
server test01 xx.xx.xx.xx:42 check
server test02 xx.xx.xx.xx:42 check

Thibault Labrut.

From: Thierry FOURNIER <tfourn...@haproxy.com>
Date: Thursday 11 June 2015 11:56
To: Thibault Labrut <t.lab...@pickup-services.com>
Cc: "haproxy@formilux.org" <haproxy@formilux.org>
Subject: Re: Need help about ACLs settings

On Thu, 11 Jun 2015 09:06:43 +0000
Thibault LABRUT <t.lab...@pickup-services.com> wrote:

>  Hello,
>  
>  I'm going to install HA Proxy.
>  
>  My architecture is as follows:
>  - 2 servers in DMZ => reverse proxy (RP)
>  - 2 servers in LAN => Load balancing (LB)
>  
>  Several applications contact RP with different IP addresses but always with the
> same port.
>  
>  With the settings as below the connection is up :
>  
>  RP settings
>  
>  # Frontend
>  frontend http_test
>  bind xx.xx.xx.xx:42
>  capture request header Host len 200
>  default_backend test
>  
>  # Backend
>  backend test
>  server srv_ test test.maycompany.local:42 check
>  
>  LB settings
>  
>  # Frontend
>  frontend http_test
>  bind xx.xx.xx.xx:42
>  capture request header Host len 200
>  default_backend test
>  
>  # Backend
>  backend test
>  balance roundrobin
>  server test01 xx.xx.xx.xx:42 check
>  server test02 xx.xx.xx.xx:42 check
>  
>  But in this case the connection is down :
>  
>  # Frontend
>  frontend http_test
>  bind xx.xx.xx.xx:42
>  capture request header Host len 200
>  
>  # ACL
>  acl acl_test src 12.34.56.78 (IP client)
>  use_backend test if acl_test
>  
>  # Backend
>  backend test
>  server srv_ test test.maycompany.local:42 check
>  
>  LB settings
>  
>  # Frontend
>  frontend http_test
>  bind xx.xx.xx.xx:42
>  capture request header Host len 200
>  
>  # ACL
>  acl acl_test src 12.34.56.78
>  use_backend test if acl_test
>  
>  # Backend
>  backend test
>  balance roundrobin
>  server test01 xx.xx.xx.xx:42 check
>  server test02 xx.xx.xx.xx:42 check
>  
>  Can you tell me what is the problem with my settings?
>  


Hi,

If I understand, you have two HAProxy chained, RP is in front and LB is
in back.

In this case, the connections received by the LB load balancer cannot
know the original IP source, because the connections are established by
the LB load balancer with its own IP.

You can use the header "x-forwarded-for" for storing the original IP
source. The directive is "option forwardfor". On the LB HAProxy, you
can use a sample that returns the content of the header
x-forwarded-for, like this:

   acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78

best regards
Thierry


>  Best Regards,
>  
>  Thibault Labrut.
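
The chained setup discussed in this thread, as an added configuration example that is not from either poster or from the HAProxy project: the RP strips any client-supplied X-Forwarded-For before appending its own, and the LB honours the header only on connections coming from the RP. Assumptions: the 192.0.2.x addresses and timeouts are constructed, the RP connects to the LB from 192.0.2.10, and the header match uses `req.hdr_ip` with `-1` (last occurrence) in place of the `fhdr ... -m ipv4` form quoted above.

```haproxy
# Added example; 192.0.2.x addresses are constructed (documentation range).
# RP and LB are two separate haproxy.cfg files, shown together here.

# ---------- RP (DMZ) haproxy.cfg ----------
defaults
    mode http                          # header handling requires HTTP mode
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 192.0.2.10:42
    capture request header Host len 200
    # Drop any X-Forwarded-For sent by the client, so the only value the
    # LB receives is the one appended by this proxy.
    http-request del-header X-Forwarded-For
    option forwardfor                  # append the TCP source address
    acl acl_test src 12.34.56.78       # on the RP, src is the real client
    use_backend test if acl_test

backend test
    server srv_test test.maycompany.local:42 check

# ---------- LB (LAN) haproxy.cfg ----------
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 192.0.2.20:42
    capture request header Host len 200
    # On the LB, src is always the RP, so use it to decide whether the
    # header can be trusted at all.
    acl from_rp  src 192.0.2.10
    # Last X-Forwarded-For value = the address the RP saw on its socket.
    acl acl_test req.hdr_ip(x-forwarded-for,-1) 12.34.56.78
    use_backend test if from_rp acl_test

backend test
    balance roundrobin
    server test01 192.0.2.31:42 check
    server test02 192.0.2.32:42 check
```

With no `default_backend`, a request that matches neither ACL is answered with a 503 by HAProxy itself, on both tiers.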


