Hi,

Picking up this old thread, is there a way of actually replacing the client_ip in the logs with this captured header X-Forwarded-For? I'm using AWS and the current setup uses AWS LBs to deliver traffic to my HAProxy box, and this way every single client_ip I'm seeing in the logs is from the LB internal IP address - which is kind of wasted space...
Thanks,
Pedro.

On 5 Jul 2011, at 21:25, Julien Vehent <[email protected]> wrote:

> On Tue, 05 Jul 2011 16:17:24 +0100, Hugo Silva wrote:
>> I just finished setting up apache+mod_security in front of haproxy:
>>
>> user--> apache+modsec --> haproxy --> webservers --> fastcgi
>>
>> The reasoning being that if apache was behind haproxy, then the backend
>> (nginx+php) servers wouldn't show on the haproxy admin interface (the
>> apaches would).
>>
>> I'm not 100% sure if this is the best way to go about it, but for the
>> time being that's the approach. Feel free to suggest/discuss alternatives.
>>
>> Because the site is live, I'm doing this in phases. For now the firewall
>> on the load balancers redirects incoming connections from certain IPs to
>> the new apache+modsec setup, while everything else is business as usual.
>>
>> The few connections that go through the test setup get logged by haproxy
>> as coming from 127.0.0.1. This is because the firewall redirects to
>> 127.0.0.1:aaaa (apache) which then ProxyPass'es to haproxy
>> (127.0.0.1:bbbb); therefore haproxy sees an incoming connection from
>> 127.0.0.1.
>>
>> Apache properly sets the X-Forwarded-For header.
>>
>> Question: Can I somehow tell haproxy to log that instead?
>> If it is possible, are there security implications?
>
> x-forwarded-for is a http header. like any other http header, you can ask
> haproxy to log it by using
>
> frontend XYZ
> [...]
> option httplog
> capture request header X-Forwarded-For len 50
>
> it will appear in the logs in field #14, enclosed between "{}" characters.
> http://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat
>
> Julien
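As an added example (not code from the thread or from HAProxy), a small Python post-processor for HAProxy's "option httplog" lines: it reads the captured X-Forwarded-For out of field #14 (the "{}" field Julien mentions) and rewrites client_ip with it. It assumes exactly one trusted proxy (the LB) in front of HAProxy that appends the address it accepted the connection from as the rightmost X-Forwarded-For entry; the leftmost entries are client-supplied and can be forged, so only the rightmost one is used, and an empty capture falls back to the TCP-level client IP. The log lines are constructed samples.

```python
import re
from typing import Optional

# Constructed sample lines in HAProxy "option httplog" format (not real traffic).
# Field #14, between "{}", holds the captured X-Forwarded-For value.
SAMPLE_LINES = [
    'Jul  5 21:25:00 lb haproxy[1234]: 127.0.0.1:51234 [05/Jul/2011:21:25:00.123] '
    'http-in web/srv1 0/0/1/12/13 200 2750 - - ---- 1/1/1/1/0 0/0 '
    '{203.0.113.7} {} "GET /index.html HTTP/1.1"',
    'Jul  5 21:25:01 lb haproxy[1234]: 127.0.0.1:51235 [05/Jul/2011:21:25:01.456] '
    'http-in web/srv1 0/0/1/12/13 200 2750 - - ---- 1/1/1/1/0 0/0 '
    '{198.51.100.9, 203.0.113.7} {} "GET /a HTTP/1.1"',
    'Jul  5 21:25:02 lb haproxy[1234]: 127.0.0.1:51236 [05/Jul/2011:21:25:02.789] '
    'http-in web/srv1 0/0/1/12/13 200 2750 - - ---- 1/1/1/1/0 0/0 '
    '{} {} "GET /b HTTP/1.1"',
]

# Groups: syslog prefix up to the client IP, IPv4 client_ip, port through the
# start of the captured-request-headers field, the captured header(s), the rest.
LOG_RE = re.compile(
    r'^(.* haproxy\[\d+\]: )(\d{1,3}(?:\.\d{1,3}){3})(:\d+ .*?)\{([^}]*)\}( .*)$'
)


def upstream_client_ip(xff_value: str, fallback: str) -> str:
    """Pick the address to report from a captured X-Forwarded-For value.

    Assumption: one trusted LB in front of HAProxy appends the peer address it
    saw as the rightmost entry; earlier entries are client-controlled, so only
    the rightmost is used. An empty capture ({}) means the header was absent.
    """
    hops = [h.strip() for h in xff_value.split(',') if h.strip()]
    return hops[-1] if hops else fallback


def rewrite_client_ip(line: str) -> Optional[str]:
    """Return the log line with client_ip replaced, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    prefix, client_ip, middle, captured, rest = m.groups()
    # Several "capture request header" lines yield "{h1|h2|...}"; this assumes
    # X-Forwarded-For is the first capture declared in the frontend.
    xff = captured.split('|')[0]
    return f"{prefix}{upstream_client_ip(xff, client_ip)}{middle}{{{captured}}}{rest}"


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(rewrite_client_ip(sample))
```

The original capture is left in place in field #14, so the rewritten line still shows the full X-Forwarded-For chain next to the chosen address.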

