I would rather say, patch haproxy so that it not only sends x-forwarded-for but also x-forwarded-for-sourceport. Patrick
On Sat, Jan 31, 2009 at 4:48 AM, John Lauro <[email protected]> wrote: > Hello, > > > > Running mode tcp in case that makes a difference for any comments, as I know > there are others options for http… > > > > I need to preserve for auditing the IP address of the clients and be able to > associate it with a session. One problem, it appears the client IP and port > are logged, however it appears that only the final server is logged, but not > the source port for the outgoing connection. In theory, assuming ntp in > sync, I should be able to tie the logs together if I had the port number > that was used in the outgoing connection. Is there some way to turn this > on, or am I just missing it from the logged line? > > > > The other option appears to be to setup haproxy act transparently. This > appears to be rather involved and sparse on details. Based on examples I > found on using squid with it, it appears to be more involved then just > updating kernel. If anyone can post some hints on their setup with haproxy > (sample config files and sample iptables (or are they not required)) that > would be great. If there is a yum repository with a patched kernel and > other bits ready to install that would be even better. > > > > In some ways it looks rather messy to setup and support, but IP tracking is > important. > > > > > >
