My environment uses Akamai for CDN and I've never heard of this requirement. We get an x-forwarded-for header, along with some other Akamai-specific stuff. I've never had issues with our report on compliance running it this way.
I would push back on your provider. Is using option hdr 22 even a standard thing? I really don't get how it helps with compliance status at all.

> On Jul 25, 2014, at 7:38 AM, Kobus Bensch <[email protected]> wrote:
>
> Hi
>
> We use HAProxy extensively and until a few days ago, had no problem with
> capturing the IP address of clients in X-Forward-IP portion of the HAproxy
> config.
>
> We have now, due to requirements in other countries, taken a service with a
> CDN provider. As the specific service is required to be PCI compliant, the
> only way they can provide us with the client IP address is to put it in the
> TCP option header 22. The last 32 bits of this header will contain the client
> IP address in HEX format.
>
> How, if at all possible, can this be transferred from this header into the
> X-Forward-For header on HAProxy so we can capture it in our application for
> further analysis in our back end systems?
>
> We use HAProxy 1.5.1, soon to be 1.5.2 on Centos 6.5. Our HAProxy sits in
> front of Apache HTTPD.
>
> Thanks in advance
>
> Kobus
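
The encoding described in the quoted question (client IPv4 address in the last 32 bits of TCP option 22), decoded in an added example that is not part of the original thread or of HAProxy. It walks a raw TCP options field as kind/length/value entries; the function names, the two prefix bytes in the sample and the sample address are assumptions.

```python
import ipaddress

TCPOPT_EOL = 0        # end of option list
TCPOPT_NOP = 1        # one-byte padding, no length field
CDN_OPTION_KIND = 22  # option kind quoted in the thread


def parse_tcp_options(options: bytes):
    """Yield (kind, data) for each option in a raw TCP options field."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:
            return
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option: missing length byte")
        length = options[i + 1]  # counts the kind and length bytes too
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad length {length} for option kind {kind}")
        yield kind, options[i + 2:i + length]
        i += length


def client_ip_from_options(options: bytes, kind: int = CDN_OPTION_KIND):
    """Return the IPv4 address held in the last 32 bits of the option, or None."""
    for found_kind, data in parse_tcp_options(options):
        if found_kind == kind:
            if len(data) < 4:
                raise ValueError("option too short to hold an IPv4 address")
            return str(ipaddress.IPv4Address(data[-4:]))
    return None


# Constructed sample: MSS option, NOP, kind 22 (length 8) carrying two assumed
# provider-specific bytes followed by 203.0.113.7 (0xCB007107), then EOL padding.
SAMPLE = bytes.fromhex("020405b4" "01" "1608" "0000" "cb007107" "000000")

if __name__ == "__main__":
    print("X-Forwarded-For:", client_ip_from_options(SAMPLE))
```

Any sender can set a TCP option, so a value recovered this way is only meaningful on connections whose source address belongs to the CDN.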

