Haproxy forwardfor ignored while in tcp mode

centos5haproxy

I have a haproxy set for https and as such I had to enable mode:tcp for that but as it turns out because of that forwardfor is being ignored and I can't see original ip. is there any way to bypass it?

haproxy ver: 1.4.9

Best Answer

x-forwarded-for is an HTTP header field, so has nothing to do with the transport layer (TCP). Usually web proxies insert the x-forwarded-for data.

If you want to have the source IP when balancing at transport layer, then you need to compile haproxy with TPROXY support. See: https://www.loadbalancer.org/blog/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/

But note that the current Linux kernel has TPROXY support by default (It has done since 2.6.28), so you may be able to skip the kernel step described in the above blog post if your kernel version > 2.6.28.

Related Solutions

How to set up stats for HAProxy

That is not correct. There would be a stats page on http://yoursite.com:1935/haproxy?stats

To overcome this add another listener-

listen stats :1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth Username:Password

Then go to http://yoursite.com:1936/ and login.

Make sure your firewall isn't blocking this request.

Iis – Getting client IP address on IIS server behind HAProxy over HTTPS

That is a "normal" side-affect of proxies. You should have corresponding logs on the proxy that matches up.

Best Answer

Related Solutions

How to set up stats for HAProxy

Iis – Getting client IP address on IIS server behind HAProxy over HTTPS

Related Topic