Re: Help on SSL termination and balance source

2011-06-09 Thread James Bardin
On Thu, Jun 9, 2011 at 7:33 AM, habeeb rahman pk.h...@gmail.com wrote:

 apache rewrite rule:
  RewriteRule ^/(.*)$ http://127.0.0.1:2443%{REQUEST_URI} [P,QSA,L]


Why are you using a rewrite instead of mod_proxy?
ProxyPass does some nice things by default, like adding the
X-Forwarded-For header which will provide the address of the client.
Otherwise, you will need to do this manually with rewrite rules.

-jim



Re: Help on SSL termination and balance source

2011-06-09 Thread habeeb rahman
James,

Thanks for your points. The rewrite rule was set up by some other guys, has
been in use for some time now, and works well with round robin.
Anyhow, I will look at mod_proxy in detail. I'm not sure how SSL termination can
be done with it and, moreover, how haproxy is going to balance based on client IP.
Any insight?

Does anyone else have any thoughts or insights to share?

-Habeeb

On Thu, Jun 9, 2011 at 7:11 PM, James Bardin jbar...@bu.edu wrote:

 On Thu, Jun 9, 2011 at 7:33 AM, habeeb rahman pk.h...@gmail.com wrote:

  apache rewrite rule:
   RewriteRule ^/(.*)$ http://127.0.0.1:2443%{REQUEST_URI} [P,QSA,L]


 Why are you using a rewrite instead of mod_proxy?
 ProxyPass does some nice things by default, like adding the
 X-Forwarded-For header which will provide the address of the client.
 Otherwise, you will need to do this manually with rewrite rules.

 -jim



Re: Help on SSL termination and balance source

2011-06-09 Thread Holger Just
Habeeb,

Given your Apache does actually insert/append an X-Forwarded-For header,
you can use this statement instead of balance source in HAProxy:

balance hdr(X-Forwarded-For)

This has a few caveats you should be aware of. Users can set the
X-Forwarded-For header themselves (which is done by some upstream proxies).
Most forwarders (HAProxy included) just append their IP to the list by
default. I don't know how Apache can be configured, but you should try
to delete any upstream X-Forwarded-For headers and just include the IP
of the last visible source to avoid users messing with the balancing.

Hope that helps,
Holger

On 09.06.2011 15:54, habeeb rahman wrote:
 James,
 
 Thanks for your points. The rewrite rule was set up by some other guys,
 has been in use for some time now, and works well with round robin.
 Anyhow, I will look at mod_proxy in detail. I'm not sure how SSL termination
 can be done with it and, moreover, how haproxy is going to balance based on
 client IP. Any insight?
 
 Does anyone else have any thoughts or insights to share?
 
 -Habeeb
 
 On Thu, Jun 9, 2011 at 7:11 PM, James Bardin jbar...@bu.edu wrote:
 
 On Thu, Jun 9, 2011 at 7:33 AM, habeeb rahman pk.h...@gmail.com wrote:
 
  apache rewrite rule:
   RewriteRule ^/(.*)$ http://127.0.0.1:2443%{REQUEST_URI} [P,QSA,L]
 
 
 Why are you using a rewrite instead of mod_proxy?
 ProxyPass does some nice things by default, like adding the
 X-Forwarded-For header which will provide the address of the client.
 Otherwise, you will need to do this manually with rewrite rules.
 
 -jim
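
Added example (not part of the thread, and not HAProxy or Apache code): a small model of the caveat in Holger's reply, comparing a front proxy that appends to a client-supplied X-Forwarded-For with one that discards it, when the balancer hashes the whole header value. The backend names, the sample addresses and the SHA-256 based hash are assumptions made for the demonstration; HAProxy's real hash differs.

```python
import hashlib

BACKENDS = ["app1", "app2", "app3"]  # hypothetical server names


def forward_append(client_headers, peer_ip):
    """Front proxy that appends the peer address to any X-Forwarded-For it receives."""
    headers = dict(client_headers)
    prior = headers.get("X-Forwarded-For")
    headers["X-Forwarded-For"] = f"{prior}, {peer_ip}" if prior else peer_ip
    return headers


def forward_replace(client_headers, peer_ip):
    """Front proxy that drops upstream X-Forwarded-For and sets only the peer address."""
    headers = {k: v for k, v in client_headers.items()
               if k.lower() != "x-forwarded-for"}
    headers["X-Forwarded-For"] = peer_ip
    return headers


def pick_backend(headers):
    """Stand-in for header-hash balancing: hash the full header value.
    SHA-256 is an assumption for the demo, not HAProxy's hash."""
    value = headers.get("X-Forwarded-For", "")
    digest = hashlib.sha256(value.encode()).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]


def backends_reached(forward, peer_ip, sent_values):
    """Backends one client reaches while varying the header it sends itself."""
    reached = set()
    for sent in sent_values:
        request = {"X-Forwarded-For": sent} if sent else {}
        reached.add(pick_backend(forward(request, peer_ip)))
    return reached


# Constructed sample data: one real peer address, many client-chosen header values.
CLIENT = "203.0.113.7"
SENT = [None] + [f"10.0.0.{i}" for i in range(1, 21)]

if __name__ == "__main__":
    print("append :", sorted(backends_reached(forward_append, CLIENT, SENT)))
    print("replace:", sorted(backends_reached(forward_replace, CLIENT, SENT)))
```

With the appending proxy the same client is spread over several backends depending on what it sends; with the replacing proxy it always hashes to one.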