>> If you can't use layer 7 features then you can't access the
>> CF-Connecting-IP header in nginx.
>
> ...HAProxy, not Nginx, no ?
Yes, I mixed that up, haproxy was what I meant.
> Otherwise that would be nice to be able pass client IP address as an
> argument to send-proxy directive.
> Example: send-proxy hdr_ip(x-forwarded-for)
Thats what Aleks proposed with something like this:
http-request set-src hdr(CF-Connecting-IP)
This should work, but you will propably need http mode on the haproxy
side and disable keepalive towards the server, because you don't know
if cloudflare sends you requests from multiple clients in a single
keepalived TCP session (so you need to intercept the source IP
of all HTTP requests, not just the first one).
Regards,
Lukas
