Hello Phil,

On Tue, May 12, 2015 at 07:54:35AM +0100, Phil Daws wrote:
(...)
> the issue is that if I go to the web site via HTTPS, which does not pass
> through a CDN, then the correct client IP is being passed through but if I go
> via HTTP it's the CDN's IP which is being presented. When I was using
> real_ip_header x-forward-for then it would work fine, but that broke the
> HTTPS side of things. Somehow need to get the x-forward-for IP, if it's
> present, into the proxy_protocol one. Is that possible?

For now I don't see how to do this. While it is possible to spoof the original
IP address extracted from the x-forwarded-for header, I'm not seeing a way to
do that for proxy-proto. In fact we could imagine having an http-request rule
to replace the incoming connection's source with something extracted from a
header, that would solve most use cases I think.

Regards,
Willy
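
An added example, not part of the original message and not HAProxy or nginx code: one way to choose the effective client address in the setup discussed above, honouring X-Forwarded-For only when the PROXY protocol source lies inside a configured CDN range. The function names, the CDN range and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed CDN range (RFC 5737 documentation block); replace with the real list.
TRUSTED_CDN = [ipaddress.ip_network("198.51.100.0/24")]


def _trusted(addr, networks):
    """True if addr falls inside any of the trusted networks."""
    return any(addr in net for net in networks)


def effective_client_ip(proxy_src, xff=None, trusted=TRUSTED_CDN):
    """Return the address to log or rate-limit on.

    proxy_src: source address carried by the PROXY protocol header.
    xff:       raw X-Forwarded-For header value, or None if absent.
    """
    src = ipaddress.ip_address(proxy_src)
    # Direct (HTTPS) path: the PROXY protocol source already is the client,
    # and any X-Forwarded-For it sent is client-controlled, so ignore it.
    if not xff or not _trusted(src, trusted):
        return str(src)
    # CDN (HTTP) path: walk the header right to left, skip hops that are
    # themselves CDN nodes, and take the first address that is not.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: nothing to its left can be verified.
            return str(src)
        if not _trusted(addr, trusted):
            return str(addr)
    # Header listed only CDN nodes; fall back to the transport-level source.
    return str(src)


if __name__ == "__main__":
    # Constructed samples: a direct client sending a forged header, then a CDN hop.
    print(effective_client_ip("203.0.113.7", "10.0.0.1"))
    print(effective_client_ip("198.51.100.10", "192.0.2.44, 198.51.100.20"))
```

Entries to the left of the first untrusted hop are never consulted, because the client can put anything there.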

