Hey Jürgen,
sometimes there are multiple IP addresses in the X-Forwarded-For header.
Especially mobile clients can hit your load balancer with pre-populated
X-Forwarded-For headers. The IP addresses will be chained with commas.
Maybe it's a parsing issue that Apache only takes the last or the first
of those IPs?
We rely on that aspect heavily and it seems to work fine in general with
1.5-dev25.
Kind regards,
John
Jürgen Haas wrote:
Hi there,
I'm having some issues with the forward-for feature. It seems to be
working in general but for some reason not consistently. My default
section in the config file looks like this:
    defaults
        log global
        mode http
        option httplog
        option dontlognull
        option forwardfor
        retries 3
        maxconn 1000
        timeout connect 5000ms
        timeout client 120s
        timeout server 120s
        default_backend backend_ts1
The apache config files on all web servers are configured so that they
use the X-Forwarded-For header field if available:
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
    CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
    CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
However, a lot of requests still get logged with the IP address of the
proxy instead of the original client.
We are using HA-Proxy version 1.5-dev19 2013/06/17 and I wonder if
anyone had an idea what the reason for that could be.
Thanks in advance
Jürgen
--
John-Paul Bader | Software Development
www.wooga.com
wooga GmbH | Saarbruecker Str. 38 | D-10405 Berlin
Registered office: Berlin; HRB 117846 B
Register court: Berlin-Charlottenburg
Managing directors: Jens Begemann, Philipp Moeser
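
Added example, not part of the original thread and not HAProxy or Apache code: one way to pick the address to log when X-Forwarded-For carries several comma-chained entries, as discussed above. It assumes the proxy appends the address it saw as the last entry, goes beyond the thread by also handling several header lines and IPv6 values, and the names `TRUSTED_PROXIES`, `is_trusted` and `client_ip` and the 10.0.0.0/8 range are hypothetical.

```python
import ipaddress

# Assumption: addresses of your own load balancers (constructed sample range).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_lines):
    """Pick the address to log for one request.

    peer:      TCP peer address seen by the web server
    xff_lines: every X-Forwarded-For header line, in the order received
    """
    last_good = ipaddress.ip_address(peer)
    if not is_trusted(last_good):
        # Direct connection: any X-Forwarded-For value is client-supplied.
        return str(last_good)
    # Several header lines and comma-chained values form one hop list.
    hops = [h.strip() for line in xff_lines for h in line.split(",")]
    # Walk from the right: the last entry was appended by our own proxy,
    # everything further left may have been pre-populated by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: stop at the last verified hop
        last_good = addr
        if not is_trusted(addr):
            break  # first address that is not ours: this is the client
    return str(last_good)


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For lines)
    samples = [
        ("10.0.0.5", ["198.51.100.7"]),
        ("10.0.0.5", ["192.168.1.20, 198.51.100.7"]),  # pre-populated header
        ("10.0.0.5", ["192.168.1.20", "2001:db8::1"]),  # two lines, IPv6
        ("203.0.113.9", ["198.51.100.7"]),              # proxy bypassed
    ]
    for peer, lines in samples:
        print(peer, lines, "->", client_ip(peer, lines))
```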