On Thu, Jan 29, 2015 at 09:57:32AM -0800, Warren Turkal wrote: > I am using HAProxy 1.5.10. My config looks something like the following: > > frontend main > bind *:8080 accept-proxy > use backend blah > > backend blah > server 10.0.0.1 > > When I am accepting proxy protocol connections on the bind line in my front > end, I would like to add an X-Forwarded-For header that identifies the > original client from the proxy protocol info. Is there some pattern folks > use to do that? Does "option forwardfor" do this, or do I need to reqadd > the header manually?
The proxy protocol will replace the client's IP address everywhere in the internal structs, so for haproxy, the *real* client will be the one advertised there. Thus if you use "option forwardfor", the address presented in the proxy protocol will appear in the x-forwarded-for header. For example, let's say you're deploying an haproxy setup in AWS. You set up ELB to enable the proxy protocol, and haproxy as configured above plus optoin forwardfor. The server will then get a request from haproxy with a header identifying the original client (the one ELB sees). hoping this helps, Willy
