2016-02-04 4:57 GMT+01:00 Willy Tarreau <w...@1wt.eu>: > No, set-src replaces the client's src as logged by haproxy and as passed > over the proxy protocol. The only issue is that this action was incompletely > implemented, it's only in http-request while it should also have been in > tcp-request. I hoped that we'd get it completed before the release but > apparently nobody was interested in finishing was was begun :-( > > If someone is willing to do it for TCP mode and the patch is small enough, > I'm willing to backport it into 1.6 as I consider it almost a bug to only > be able to use it in HTTP mode.
OK. Unfortunately I can't help with that, but you have my full support ^^ > With that said, Jonathan, you need to keep in mind that by doing so you > will pass the IP address presented by CF in the *first* request as the > source of the whole connection, hence all subsequent requests. So before > doing this you need to be absolutely sure that CF doesn't multiplex > incoming connections from various clients over the same connection. AFAIK CloudFlare don't do that unless RailGun is enabled. -- Jonathan Leroy http://www.inikup.com/ Tel: +33 (0)9 74 77 41 72