On Thu, 11 Jun 2015 16:51:14 +0200 Thibault Labrut <thibault.lab...@enioka.com> wrote:
> Hi Thierry,
>
> If I understand your proposition, my settings should be like this:

You must add "option forwardfor" in the RP frontend.

Thierry

> RP settings (no change)
>
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
>
> # ACL
> acl acl_test src 12.34.56.78 (IP client)
> use_backend test if acl_test
>
> # Backend
> backend test
> server srv_ test test.maycompany.local:42 check
>
>
> LB settings
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
>
> # ACL (new acl setting)
> acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78
> use_backend test if acl_test
>
> # Backend
> backend test
> balance roundrobin
> server test01 xx.xx.xx.xx:42 check
> server test02 xx.xx.xx.xx:42 check
>
> Thibault Labrut.
>
> From: Thierry FOURNIER <tfourn...@haproxy.com>
> Date: Thursday 11 June 2015 11:56
> To: Thibault Labrut <t.lab...@pickup-services.com>
> Cc: "haproxy@formilux.org" <haproxy@formilux.org>
> Subject: Re: Need help about ACLs settings
>
> On Thu, 11 Jun 2015 09:06:43 +0000
> Thibault LABRUT <t.lab...@pickup-services.com> wrote:
>
> > Hello,
> >
> > I'm going to install HA Proxy.
> >
> > My architecture is as follows:
> > - 2 servers in DMZ => reverse proxy (RP)
> > - 2 servers in LAN => Load balancing (LB)
> >
> > Several applications contact RP with different IP address but with always the
> > same port.
> >
> > With the settings as below the connection is up:
> >
> > RP settings
> >
> > # Frontend
> > frontend http_test
> > bind xx.xx.xx.xx:42
> > capture request header Host len 200
> > default_backend test
> >
> > # Backend
> > backend test
> > server srv_ test test.maycompany.local:42 check
> >
> > LB settings
> >
> > # Frontend
> > frontend http_test
> > bind xx.xx.xx.xx:42
> > capture request header Host len 200
> > default_backend test
> >
> > # Backend
> > backend test
> > balance roundrobin
> > server test01 xx.xx.xx.xx:42 check
> > server test02 xx.xx.xx.xx:42 check
> >
> > But in this case the connection is down:
> >
> > # Frontend
> > frontend http_test
> > bind xx.xx.xx.xx:42
> > capture request header Host len 200
> >
> > # ACL
> > acl acl_test src 12.34.56.78 (IP client)
> > use_backend test if acl_test
> >
> > # Backend
> > backend test
> > server srv_ test test.maycompany.local:42 check
> >
> > LB settings
> >
> > # Frontend
> > frontend http_test
> > bind xx.xx.xx.xx:42
> > capture request header Host len 200
> >
> > # ACL
> > acl acl_test src 12.34.56.78
> > use_backend test if acl_test
> >
> > # Backend
> > backend test
> > balance roundrobin
> > server test01 xx.xx.xx.xx:42 check
> > server test02 xx.xx.xx.xx:42 check
> >
> > Can you tell me what is the problem with my settings?
> >
>
> Hi,
>
> If I understand, you have two HAProxy chained, RP is in front and LB is
> in back.
>
> In this case, the connections received by the LB load balancer cannot
> know the original IP source, because the connections are established by
> the LB load balancer with its own IP.
>
> You can use the header "x-forwarded-for" for storing the original ip
> source. The directive is "option forwardfor". On the LB HAProxy, you
> can use a sample that returns the content of the header
> x-forwarded-for, like this:
>
> acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78
>
> best regards
> Thierry
>
> > Best Regards,
> >
> > Thibault Labrut.
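
Added example, not part of the original thread or of anyone's posted configuration: the chained RP/LB setup discussed above written out as two configs, with the LB only honouring X-Forwarded-For on connections that come from the RP. All bind, RP and server addresses, the timeouts, the `from_rp` ACL name and the `srv_test` server name are constructed assumptions; port 42, the client IP and the backend names come from the thread.

```haproxy
# ===== haproxy.cfg on the RP (DMZ) =====
defaults
    mode http                       # header handling requires HTTP mode
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 192.0.2.10:42              # constructed address
    capture request header Host len 200
    # Discard any X-Forwarded-For supplied by the client so the only
    # value the LB ever sees is the one written by this proxy.
    http-request del-header X-Forwarded-For
    option forwardfor               # add X-Forwarded-For: <client source IP>
    # On the RP the TCP source is still the real client, so "src" works.
    acl acl_test src 12.34.56.78
    use_backend test if acl_test    # no match and no default_backend: 503

backend test
    server srv_test test.maycompany.local:42 check

# ===== haproxy.cfg on the LB (LAN), a separate file =====
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 10.0.0.20:42               # constructed address
    capture request header Host len 200
    # Here "src" is the RP, never the client. Refuse anything that did
    # not arrive from the RP servers, because the header below is only
    # trustworthy when the RP wrote it.
    acl from_rp src 192.0.2.10 192.0.2.11      # constructed RP addresses
    http-request deny unless from_rp
    # Match the last X-Forwarded-For occurrence (the one the RP added).
    acl acl_test hdr_ip(x-forwarded-for,-1) 12.34.56.78
    use_backend test if acl_test

backend test
    balance roundrobin
    server test01 10.0.0.31:42 check           # constructed addresses
    server test02 10.0.0.32:42 check
```

Each file can be checked with `haproxy -c -f <file>` before reloading.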