Hi Robert, You can develop a netfilter module to change src ipaddr from haproxy's self ip to client ipaddr for backend servers.
But this solution maybe decrease the whole performance of haproxy box for about 20%. this is a reference : http://www.zeus.com/community/extensions/zeus-kernel-modules-linux James Zhang 2011/6/10 Willy Tarreau <[email protected]>: > Hi Robert, > > On Thu, Jun 09, 2011 at 04:23:46PM -0400, Robert Lassiter wrote: >> I am sure it's been asked before, I can find some vague references on how to >> accomplish this but nothing that does not include recompiling the kernel. I >> think these posts are out of date. So, sorry in advance but here's the >> question. I have about 1000 listen (groups) and need to pass the client IP >> to the physical server that receives the http request. And this is all HTTP, >> nothing else... > > If it's HTTP, then "option forwardfor" is preferred. It adds the well known > "X-Forwarded-For" header in the request and the servers will be able to use > it to retrieve the client's IP address. There are modules for virtually every > server to use it, check mod_rpaf for Apache. > > If you want to enable transparent mode, you'll have to use a very recent > kernel (or a patched one), make a non-trivial configuration, and change > all of your servers' routing so that their default gateway becomes the > machine running haproxy, because the return traffic must pass there too. > > Quite frankly, if you manage the web servers yourself, the best solution > is the X-Forwarded-For header ! > > Regards, > Willy > >
