Hello, I think I've found a problem how http-request set-src interacts with PROXY protocol on backend servers.
Very simple setup: listen default bind :8888 http-request set-src req.hdr_ip(X-Forwarded-For) server localhost 127.0.0.1:80 send-proxy wget -4 --header='X-Forwarded-For: 192.0.2.1' -O /dev/null -S http://localhost:8888 gives PROXY TCP4 192.0.2.1 127.0.0.1 0 8888 wget -6 --header='X-Forwarded-For: 2001:db8::1' -O /dev/null -S http://localhost:8888 gives PROXY TCP6 2001:db8::1 ::1 0 8888 but both: wget -4 --header='X-Forwarded-For: 2001:db8::1' -O /dev/null -S http://localhost:8888 wget -6 --header='X-Forwarded-For: 192.0.2.1' -O /dev/null -S http://localhost:8888 give PROXY UNKNOWN Log files report correct IPs in all cases. The same problem exists for frontend listening on UNIX sockets, just in that case I always get PROXY UNKNOWN. haproxy -vv: HA-Proxy version 1.6.9-2 2016/09/28 Copyright 2000-2016 Willy Tarreau <wi...@haproxy.org> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-XsW4aZ/haproxy-1.6.9=. -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_NS=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 Running on OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.39 2016-06-14 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with Lua version : Lua 5.3.1 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with network namespace support Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. -- Janusz Dziemidowicz