I patched and compiled stunnel 4.20 using the patch provided on the haproxy site.

Everything compiled well, stunnel starts, but when I look at the haproxy logs, the requesting IP doesn't represent the client but instead the stunnel (local IP).

Is this normal behavior?

stunnel.conf

debug=7
output=/var/log/stunnel.log

cert=/user/local/etc/stunnel/stunnel.pem
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1

[https]
accept=<serverIP>:443
connect=<serverIP>:80
xforwarededfor=yes

stunnel.log

2009.08.12 21:33:21 LOG7[31521:3086400400]: Connection from 192.168.124.16:47378 permitted by libwrap
2009.08.12 21:33:21 LOG5[31521:3086400400]: https accepted connection from 192.168.124.16:47378
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): before/accept initialization
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 read client hello A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 write server hello A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 write certificate A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 write server done A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 flush data
2009.08.12 21:33:21 LOG7[31521:3086403280]: Cleaning up the signal pipe
2009.08.12 21:33:21 LOG6[31521:3086403280]: Child process 31538 finished with code 0
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 read client key exchange A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 read finished A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 write change cipher spec A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 write finished A
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL state (accept): SSLv3 flush data
2009.08.12 21:33:21 LOG7[31521:3086400400]: 1 items in the session cache
2009.08.12 21:33:21 LOG7[31521:3086400400]: 0 client connects (SSL_connect())
2009.08.12 21:33:21 LOG7[31521:3086400400]: 0 client connects that finished
2009.08.12 21:33:21 LOG7[31521:3086400400]: 0 client renegotiations requested
2009.08.12 21:33:21 LOG7[31521:3086400400]: 1 server connects (SSL_accept())
2009.08.12 21:33:21 LOG7[31521:3086400400]: 1 server connects that finished
2009.08.12 21:33:21 LOG7[31521:3086400400]: 0 server renegotiations requested
2009.08.12 21:33:21 LOG7[31521:3086400400]:    0 session cache hits
2009.08.12 21:33:21 LOG7[31521:3086400400]:    0 session cache misses
2009.08.12 21:33:21 LOG7[31521:3086400400]:    0 session cache timeouts
2009.08.12 21:33:21 LOG6[31521:3086400400]: SSL accepted: new session negotiated
2009.08.12 21:33:21 LOG6[31521:3086400400]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2009.08.12 21:33:21 LOG7[31521:3086400400]: FD 8 in non-blocking mode
2009.08.12 21:33:21 LOG7[31521:3086400400]: https connecting 10.0.0.20:80
2009.08.12 21:33:21 LOG7[31521:3086400400]: connect_wait: waiting 10 seconds
2009.08.12 21:33:21 LOG7[31521:3086400400]: connect_wait: connected
2009.08.12 21:33:21 LOG5[31521:3086400400]: https connected remote server from 10.0.0.20:57678
2009.08.12 21:33:21 LOG7[31521:3086400400]: Remote FD=8 initialized
2009.08.12 21:33:21 LOG7[31521:3086400400]: TCP_NODELAY option set on remote socket
2009.08.12 21:33:21 LOG7[31521:3086400400]: SSL socket closed on SSL_read
2009.08.12 21:33:21 LOG7[31521:3086400400]: Socket write shutdown
2009.08.12 21:33:21 LOG5[31521:3086400400]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2009.08.12 21:33:21 LOG7[31521:3086400400]: https finished (0 left)
2009.08.12 21:33:23 LOG7[31521:3086403280]: https accepted FD=7 from 192.168.124.16:47379
2009.08.12 21:33:23 LOG7[31521:3086400400]: https started
2009.08.12 21:33:23 LOG7[31521:3086400400]: FD 7 in non-blocking mode
2009.08.12 21:33:23 LOG7[31521:3086400400]: TCP_NODELAY option set on local socket
2009.08.12 21:33:23 LOG7[31521:3086400400]: FD 8 in non-blocking mode
2009.08.12 21:33:23 LOG7[31521:3086400400]: FD 9 in non-blocking mode
2009.08.12 21:33:23 LOG7[31521:3086403280]: Cleaning up the signal pipe
2009.08.12 21:33:23 LOG6[31521:3086403280]: Child process 31540 finished with code 0


haproxy log

Aug 12 21:36:17 lb01 haproxy[3995]: 10.0.0.20:55497 [12/Aug/2009:21:36:17.109] alfresco alfresco/PRI-Alf1 1/0/0/1/3 404 1245 - - ---- 0/0/0/0/0 0/0 "GET /alfresco/images/logo/AlfrescoFadedBG.png HTTP/1.1"



Thanks,

Adam
