Can you spare a monment to help me with haproxy?
Clement Laforet
clement at FreeBSD.org
Sun Aug 8 15:11:09 PDT 2004
On Sun, 8 Aug 2004 15:48:43 -0600
"Reid Johnson" <rjohnson at corenetwork.ca> wrote:
Hi Reid !
> First of all I must say thank you in advance for any assistance you
> can provide, also I do understand if you are to busy to spare some
> time. Haproxy is a great tool and has been serving me well, but I
> would like to pass client IP's onto my web servers for logging. I
> thought I had my config correct but obviously not, after reading the
> docs it looked like the forwardfor option was the solution. My proxy
> still passes its own IP to the web servers. Any ideas?
Sure :)
forwardfor sets X-Forwarded-For in header.
To have IP client in logyou have 2 solution:
1. Logging X-Forwarded-For header, %{X-Forwarded-For}i should take last
entry.
2. A better solution is to uses an apache module like
www/mod_extract_forwarded(2) or www/mod_rpaf(2) to tell apache to use
X-Forwarded-For internally (for logging, and IP based access)
(be carefull, since X-forwarded-for can be spoofed! you have to
correclty set modules and haproxy to remove X-forwarded-for header too)
You should use solution 2. ;-)
clem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20040809/062e5aad/attachment.bin
More information about the freebsd-ports
mailing list