Hi Sander,
Le 08/05/2013 22:26, Sander Klein a écrit :
Thanks everyone for answering. I'll play around a bit with my config and the
suggestions.
To complete the suggestions, here is the configuration I've used for
months on a personal website :
acl FROM_CLOUDFLARE src -f /etc/haproxy/cloudflare_ips.dat
reqidel ^X-Forwarded-For:.* if ! LOCALHOST
reqirep ^CF-Connecting-IP:(.*)$ X-Forwarded-For:\1 if FROM_CLOUDFLARE
option forwardfor if-none
/etc/haproxy/cloudflare_ips.dat is the content of
https://www.cloudflare.com/ips-v4
I prefered the use of reqirep to rename the CloudFlare header (no
changes were required in backends, where varnish and apache+mod_rpaf are
used).
Hope this helps.
--
Cyril Bonté
