Hi,
On 21/05/2014 08:29, Jürgen Haas wrote:
> Hi there,
>
> I'm having some issues with the forward-for feature. It seems to be
> working in general but for some reason not consistently. My default
> section in the config file looks like this:
>
> defaults
>     log global
>     mode http
>     option httplog
>     option dontlognull
>     option forwardfor
>     retries 3
>     maxconn 1000
>     timeout connect 5000ms
>     timeout client 120s
>     timeout server 120s
>     default_backend backend_ts1
>
> The apache config files on all web servers are configured so that they
> use the X-Forwarded-For header field if available:
>
> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
> CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
> CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
>
> However, a lot of requests still get logged with the IP address of the
> proxy instead of the original client.
>
> We are using HA-Proxy version 1.5-dev19 2013/06/17 and I wonder if
> anyone had an idea what the reason for that could be.

From the configuration you provided, you are using the "tunnel" mode,
which means only the first request of an HTTP connection will be analyzed
(and modified); everything after the last header of this request is
considered as data. This is also true for the next requests coming on this
connection due to HTTP Keep-alive.

This was the default mode until haproxy 1.5-dev22.
Please upgrade to the latest snapshot to change the default or use
"option http-server-close" (or if really needed "option httpclose").
Note that "option http-keep-alive" is also a solution but was only
implemented in haproxy 1.5-dev20.

--
Cyril Bonté