Hi Andrew
1)
By default HTTP profile includes the X-Forwarded for header
2)
This is a normal action, in TCP profiles with SSL the entire communication
between client and backend is encripted, for this reason the load balancer
can't include or modify the x-fowarded-for header
In HTTPS farms the communications between the client and load balancer is
in SSL mode but the ZLB is going to drecrypt and send to the backend in
this case the backend could see the x-forwarded-for header. (this way of
work is named ssl offload)
Andrew if you want to know more about what is happening in the ZLB you can
run commands that Myo commented.
I hope this clarify something
Regards
2012/8/26 stanley kyaw <[email protected]>
> Hi Greeting!
>>>
>>
>> My name is Myo. At this point, I am not sure what is your issue yet,
>> however, I will do my best to help you to resolve your issue, though, my
>> schedule is really busy.
>>
>>
>> 1) Can someone please explain what happens in HTTP farms? Does it pass
>> the IP somehow?
>>
>> > For this case, you can capture tcp trace to verify the issue.
>> Basically, you will need to use tcpdump on zen loadbalancer and wireshark
>> on your farm servers to see if does pass the IP. You can download and
>> install the tcpdump from site: http://www.tcpdump.org and use the
>> following command to run tcpdump
>>
>> tcpdump capture on zen
>> ===================
>> #tcpdump -w zen.pcap -i eth0 dst 1.1.1.1 and port 80
>>
>> You can replace interface number/farm server ip address and port number
>> as real one. By this way, you can see what is really happening in HTTP
>> farms.
>>
>>
>>
>> 2) Also, we noticed on HTTPS requests in TCP farms the X-Forwarded-For
>> does not pass through. Is there any way to accomplish this?
>>
>> > You can use following ssldump to debug the issue
>>
>> SSLDUMP
>> ========
>> #ssldump -a -A -H -k rsa.key -i eth0 > ssldump.txt
>>
>> Site: http://www.rtfm.com/ssldump/
>>
>> You need the ssl key to decrypt the traffic. And reproduce the issue. You
>> should be able to see what is the root cause of the issue. If you need my
>> help to analysis the tcpdump/wireshark or ssldump you can send over to me.
>> I hope it helps.
>>
>>
>> Best Regards,
>> Myo
>>
>
>
>> > ---------- Forwarded message ----------
>>> > From: Andrew Schmitt <[email protected]>
>>> > Date: Sat, Aug 25, 2012 at 3:23 AM
>>> > Subject: [Zenloadbalancer-support] X-Forwarded-For on HTTP/HTTPS Farms
>>> > To: "[email protected]" <
>>> > [email protected]>
>>> >
>>> >
>>> > X-Forwarded-For is very handy on TCP farms for us to gather geodata
>>> about
>>> > our users.****
>>> >
>>> > ** **
>>> >
>>> > Can someone please explain what happens in HTTP farms? Does it pass
>>> the IP
>>> > somehow?****
>>> >
>>> > ** **
>>> >
>>> > Also, we noticed on HTTPS requests in TCP farms the X-Forwarded-For
>>> does
>>> > not pass through. Is there any way to accomplish this?****
>>> >
>>> > ** **
>>> >
>>> > Do any of these things change in version 3?****
>>> >
>>> > ** **
>>> >
>>> > Thank you,****
>>> >
>>> > ** **
>>> >
>>> > Andrew Schmitt****
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > Live Security Virtual Conference
>>> > Exclusive live event will cover all the ways today's security and
>>> > threat landscape has changed and how IT managers can respond.
>>> Discussions
>>> > will include endpoint security, mobile security and the latest in
>>> malware
>>> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> > _______________________________________________
>>> > Zenloadbalancer-support mailing list
>>> > [email protected]
>>> > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>> >
>>>
>>> --
>>> Enviado desde mi dispositivo móvil
>>>
>>> Load balancer distribution - Open Source Project
>>> http://www.zenloadbalancer.com
>>> Distribution list (subscribe):
>>> [email protected]
>>>
>>
>>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
