It was a method I found online without really understanding what X-Forwarded-For header does.
Traffic does not pass through a reverse proxy before hitting HAProxy. It should be a direct hit from the client. Is there a header I can compare to our whitelist to reliably get all incoming traffic’s originating IP? REMOTE_ADDR, CLIENT_IP, etc? Thanks From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Matthews Sent: Thursday, July 17, 2014 1:29 PM To: haproxy Subject: Re: Using a Whitlist to Redirect Users not on the Whitelist On 17 Jul 2014 18:15, "JDzialo John" <[email protected]<mailto:[email protected]>> wrote: > I am creating a whitelist of subnets allowed to access HAPROXY during > maintenance. Basically I want to redirect everyone to our maintenance page > other than users in the whitelisted file. > > This is not working and is forwarding everyone to the maintenance page > despite being a member of a whitelisted subnet. > (10.0.0.0/8<http://10.0.0.0/8>) > > Is using the hdr_ip(X-Forwarded-For) in the acl the way to go Unless your traffic is passing through another reverse proxy which inserts this header before it hits HAProxy, no. Why are you choosing to use that header?
