On Thu, Sep 27, 2012 at 8:50 AM, Willy Tarreau <[email protected]> wrote:

>> I can see in the apache logs the chain of 3-4 IPs in the XFF header,
>> and when I run tcpdump on an haproxy host I can also see multiple IPs
>> in the XFF there - they just aren't being emitted by haproxy to the
>> logs. (but the entire header, including all IPs, is being properly
>> passed along to the backend Apache instances).
>
> OK but is there always only one XFF header when this happens or do you
> notice a second XFF header ? The difference is important, not from an
> HTTP point of view but due to how the captures work in haproxy, since
> they take a full header line only. What I suspect is that you have one
> XFF header with 3-4 IPs and another header with a single IP which gets
> logged.

I'll go get some pcaps and report back a bit later (this has been
pre-empted by another issue at work).


> The archives you'd better use are the following ones :
>
>   http://marc.info/?l=haproxy
>   http://blog.gmane.org/gmane.comp.web.haproxy
>
> I tend to prefer marc.info but it's a matter of taste. Oh and yes, I
> should update the link on the haproxy site :-)

marc, of course. this would have been obvious if I were still as
active on lists as I was a few years ago. :)
-- 
       Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527
                        Less and less is done
                     until non-action is achieved
             when nothing is done, nothing is left undone.
                                    -- the Tao of Sysadmin
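
The case suspected in the quoted reply above (one X-Forwarded-For line carrying the chain plus a second line with a single IP), as an added example that is not part of the original thread or HAProxy's own code: it lists every XFF line in a raw request and shows which addresses a one-line capture leaves out of the log. The request bytes are constructed, the function names are hypothetical, and treating the last line as the captured one follows HAProxy's documented behaviour for `capture request header`.

```python
# Added example: constructed request, not taken from the thread's captures.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"X-Forwarded-For: 198.51.100.7, 203.0.113.9, 192.0.2.44\r\n"
    b"User-Agent: constructed-sample\r\n"
    b"x-forwarded-for: 10.0.0.5\r\n"
    b"\r\n"
)


def header_lines(raw, name):
    """Return the value of every header line called `name`, in wire order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.append(value.strip())
    return values


def split_ips(value):
    """Split one comma-separated XFF value into its addresses."""
    return [ip.strip() for ip in value.split(",") if ip.strip()]


def audit_xff(raw, name="X-Forwarded-For"):
    """Compare the full XFF chain with what a single-line capture records."""
    lines = header_lines(raw, name)
    full_chain = [ip for v in lines for ip in split_ips(v)]
    captured = lines[-1] if lines else ""        # assumption: last line wins
    logged = split_ips(captured)
    return {
        "header_lines": len(lines),
        "full_chain": full_chain,
        "captured_line": captured,
        "missing_from_log": [ip for ip in full_chain if ip not in logged],
    }


if __name__ == "__main__":
    for key, val in audit_xff(SAMPLE_REQUEST).items():
        print(f"{key}: {val}")
```

Running the same check over requests extracted from a pcap taken on the proxy tells the two cases apart: `header_lines` greater than 1 with a non-empty `missing_from_log` matches the split-header explanation.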
