Re: question about X-Forwarded-For and proxy protocol
Thanks for the help.

wt

On Jan 31, 2015 5:06 AM, "Willy Tarreau" wrote:
> On Thu, Jan 29, 2015 at 09:57:32AM -0800, Warren Turkal wrote:
> > I am using HAProxy 1.5.10. My config looks something like the following:
> >
> > frontend main
> >   bind *:8080 accept-proxy
> >   use backend blah
> >
> > backend blah
> >   server 10.0.0.1
> >
> > When I am accepting proxy protocol connections on the bind line in my
> > front end, I would like to add an X-Forwarded-For header that identifies
> > the original client from the proxy protocol info. Is there some pattern
> > folks use to do that? Does "option forwardfor" do this, or do I need to
> > reqadd the header manually?
>
> The proxy protocol will replace the client's IP address everywhere in
> the internal structs, so for haproxy, the *real* client will be the
> one advertised there. Thus if you use "option forwardfor", the address
> presented in the proxy protocol will appear in the x-forwarded-for
> header. For example, let's say you're deploying an haproxy setup in
> AWS. You set up ELB to enable the proxy protocol, and haproxy as
> configured above plus option forwardfor. The server will then get a
> request from haproxy with a header identifying the original client
> (the one ELB sees).
>
> hoping this helps,
> Willy
Re: question about X-Forwarded-For and proxy protocol
On Thu, Jan 29, 2015 at 09:57:32AM -0800, Warren Turkal wrote:
> I am using HAProxy 1.5.10. My config looks something like the following:
>
> frontend main
>   bind *:8080 accept-proxy
>   use backend blah
>
> backend blah
>   server 10.0.0.1
>
> When I am accepting proxy protocol connections on the bind line in my
> front end, I would like to add an X-Forwarded-For header that identifies
> the original client from the proxy protocol info. Is there some pattern
> folks use to do that? Does "option forwardfor" do this, or do I need to
> reqadd the header manually?

The proxy protocol will replace the client's IP address everywhere in
the internal structs, so for haproxy, the *real* client will be the
one advertised there. Thus if you use "option forwardfor", the address
presented in the proxy protocol will appear in the x-forwarded-for
header. For example, let's say you're deploying an haproxy setup in
AWS. You set up ELB to enable the proxy protocol, and haproxy as
configured above plus option forwardfor. The server will then get a
request from haproxy with a header identifying the original client
(the one ELB sees).

hoping this helps,
Willy
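The behaviour described in the reply above, as an added example that is not part of the original thread and is not HAProxy's code: a small Python model of a listener that requires a PROXY protocol v1 line, takes the client address from it, and appends that address as the last X-Forwarded-For header. The function names, addresses and sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_LINE = 107  # PROXY protocol v1: the line, CRLF included, is at most 107 bytes


def parse_proxy_v1(data: bytes):
    """Return (client_ip, or None for UNKNOWN, remaining bytes); ValueError if invalid."""
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 line at start of connection")
    fields = data[:end].decode("ascii", "strict").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol field")
    for port in fields[4:6]:
        if not port.isdigit() or not 0 <= int(port) <= 65535:
            raise ValueError("bad port")
    return str(src), rest


def forward(data: bytes, peer_ip: str) -> bytes:
    """Model of a listener with accept-proxy plus option forwardfor (assumed names)."""
    client_ip, request = parse_proxy_v1(data)
    client_ip = client_ip or peer_ip  # UNKNOWN: fall back to the TCP peer address
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    # Appended as the last header; an X-Forwarded-For sent by the client stays above it.
    head += b"\r\nX-Forwarded-For: " + client_ip.encode("ascii")
    return head + sep + body


# Constructed sample: what a load balancer would send on behalf of client 203.0.113.7.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.0.0.9 51234 8080\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"X-Forwarded-For: 198.51.100.99\r\n\r\n")

if __name__ == "__main__":
    print(forward(SAMPLE, peer_ip="10.0.0.5").decode())
```

The address comes from whatever the connecting peer writes in the PROXY line, so a listener with accept-proxy should be reachable only from the load balancer. The backend should read the last X-Forwarded-For header, since a client-supplied one is still present above it.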
question about X-Forwarded-For and proxy protocol
I am using HAProxy 1.5.10. My config looks something like the following:

frontend main
  bind *:8080 accept-proxy
  use backend blah

backend blah
  server 10.0.0.1

When I am accepting proxy protocol connections on the bind line in my
front end, I would like to add an X-Forwarded-For header that identifies
the original client from the proxy protocol info. Is there some pattern
folks use to do that? Does "option forwardfor" do this, or do I need to
reqadd the header manually?

Thanks,
wt

--
Warren Turkal