Is there any way that I can use Haproxy's ability to modify headers so that if the incoming connection has an X-Forwarded-For header for example I can then take the contents of this and add it into Haproxy's X-Forwarded-For record?
My Current Scenario is a client has setup the following:
- CloudFlare Takes Connection, sets X-Forwarded-For and connects to Haproxy frontend
- Haproxy then handles this connection and sets the X-Forwarded-For based on the true IP for the connection received (CloudFlares IP Address)
- Server receives this request and the X-Forwarded-For entry contains the IP of the CloudFlare proxy rather than the true Client IP.
Best Answer
Unless your final server really wants to know what the cloudflare IP address was, if nobody connects directly to haproxy, then just remove
option forwardforso it stops changing the X-Forwarded-For header.If some connections do not go through cloudflare, you can use
option forwardfor except cloudflareipaddressto only set X-Forwarded-For for direct connections.