Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 9 Aug 2004 00:10:39 +0200
From:      Clement Laforet <clement@FreeBSD.org>
To:        "Reid Johnson" <rjohnson@corenetwork.ca>
Cc:        ports@FreeBSD.org
Subject:   Re: Can you spare a monment to help me with haproxy?
Message-ID:  <20040809001039.193e1610.clement@FreeBSD.org>
In-Reply-To: <200408082147.i78LlwV8019960@mclaren.corenetwork.ca>
References:  <200408082147.i78LlwV8019960@mclaren.corenetwork.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
--Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Sun, 8 Aug 2004 15:48:43 -0600
"Reid Johnson" <rjohnson@corenetwork.ca> wrote:

Hi Reid !
 
> First of all I must say thank you in advance for any assistance you
> can provide, also I do understand if you are to busy to spare some
> time. Haproxy is a great tool and has been serving me well, but I
> would like to pass client IP's onto my web servers for logging. I
> thought I had my config correct but obviously not, after reading the
> docs it looked like the forwardfor option was the solution. My proxy
> still passes its own IP to the web servers. Any ideas?

Sure :)
forwardfor sets X-Forwarded-For in header.
To have IP client in logyou have 2 solution:
1. Logging X-Forwarded-For header, %{X-Forwarded-For}i should take last
entry.
2. A better solution is to uses an apache module like
www/mod_extract_forwarded(2) or www/mod_rpaf(2) to tell apache to use
X-Forwarded-For internally (for logging, and IP based access)
(be carefull, since X-forwarded-for can be spoofed! you have to
correclty set modules and haproxy to remove X-forwarded-for header too)

You should use solution 2. ;-) 

clem

--Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD4DBQFBFqThsRhfjwcjuh0RAgzyAJi6pZ8Gd2xFhHs9z5dv8Vl/AmqMAJ0W6mKk
ojoYhnd5hJaUdJdU2dhsgw==
=Dj2I
-----END PGP SIGNATURE-----

--Signature=_Mon__9_Aug_2004_00_10_39_+0200_tNJnRvg56sDrkESc--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040809001039.193e1610.clement>