From owner-freebsd-ports@FreeBSD.ORG Sun Aug 8 22:11:09 2004 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FF6916A4CE for ; Sun, 8 Aug 2004 22:11:09 +0000 (GMT) Received: from goofy.cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by mx1.FreeBSD.org (Postfix) with SMTP id 25E9943D1F for ; Sun, 8 Aug 2004 22:11:06 +0000 (GMT) (envelope-from clement@FreeBSD.org) Received: (qmail 26877 invoked by uid 89); 9 Aug 2004 00:11:02 +0200 Received: from clement@FreeBSD.org by goofy.cultdeadsheep.org by uid 89 with qmail-scanner-1.22st Clear:RC:1(192.168.0.4):SA:0(-4.3/5.0):. Processed in 0.725708 secs); 08 Aug 2004 22:11:02 -0000 X-Spam-Status: No, hits=-4.3 required=5.0 X-Qmail-Scanner-Mail-From: clement@FreeBSD.org via goofy.cultdeadsheep.org X-Qmail-Scanner: 1.22st (Clear:RC:1(192.168.0.4):SA:0(-4.3/5.0):. Processed in 0.725708 secs Process 26863) Received: from unknown (HELO satan.cultdeadsheep.org) (192.168.0.4) by 192.168.0.1 with SMTP; 9 Aug 2004 00:11:01 +0200 Date: Mon, 9 Aug 2004 00:10:39 +0200 From: Clement Laforet To: "Reid Johnson" Message-Id: <20040809001039.193e1610.clement@FreeBSD.org> In-Reply-To: <200408082147.i78LlwV8019960@mclaren.corenetwork.ca> References: <200408082147.i78LlwV8019960@mclaren.corenetwork.ca> Organization: FreeBSD Project X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc" X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on goofy.cultdeadsheep.org X-Spam-Level: cc: ports@FreeBSD.org Subject: Re: Can you spare a monment to help me with haproxy? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Aug 2004 22:11:09 -0000 --Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit On Sun, 8 Aug 2004 15:48:43 -0600 "Reid Johnson" wrote: Hi Reid ! > First of all I must say thank you in advance for any assistance you > can provide, also I do understand if you are to busy to spare some > time. Haproxy is a great tool and has been serving me well, but I > would like to pass client IP's onto my web servers for logging. I > thought I had my config correct but obviously not, after reading the > docs it looked like the forwardfor option was the solution. My proxy > still passes its own IP to the web servers. Any ideas? Sure :) forwardfor sets X-Forwarded-For in header. To have IP client in logyou have 2 solution: 1. Logging X-Forwarded-For header, %{X-Forwarded-For}i should take last entry. 2. A better solution is to uses an apache module like www/mod_extract_forwarded(2) or www/mod_rpaf(2) to tell apache to use X-Forwarded-For internally (for logging, and IP based access) (be carefull, since X-forwarded-for can be spoofed! you have to correclty set modules and haproxy to remove X-forwarded-for header too) You should use solution 2. ;-) clem --Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD4DBQFBFqThsRhfjwcjuh0RAgzyAJi6pZ8Gd2xFhHs9z5dv8Vl/AmqMAJ0W6mKk ojoYhnd5hJaUdJdU2dhsgw== =Dj2I -----END PGP SIGNATURE----- --Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc--