Trenton, To clarify I believe it will stick on XFF header if present but if not present fall back to stick on source.IP. Basically, it will use the first working "stick on" declaration, source IP will always work as there will always be one so that goes in as a last resort.
Aaron West Loadbalancer.org www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 aa...@loadbalancer.org LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG On 26 July 2017 at 19:36, Andrew Smalley <asmal...@loadbalancer.org> wrote: > Hi Trenton > > Here we use the stick on src ( Source IP ) and X-Forward-For method so we > can stick on both criteria > > Also the -1 to move the XFF IP back, Imagine there are 2 or 3 proxy's all > inserting X-Forward-For the -1 could also be -2 or -3 etc to move the ip > forward in the list > > 192.168.100.12 172.16.21.20 172.31.31.2 > > -1 would put the red address like this > > 172.16.21.20 172.31.31.2 > > I hope that all makes sense > > > Andruw Smalley > > Loadbalancer.org Ltd. > > www.loadbalancer.org > +1 888 867 9504 / +44 (0)330 380 1064 > asmal...@loadbalancer.org > > Leave a Review | Deployment Guides | Blog > > > On 25 July 2017 at 19:42, Trenton Dyck <trenton.d...@uxpsystems.com> wrote: >> >> Andrew, >> >> >> >> Thanks for this suggestion! When you say ‘move the XFF header back’ and >> you have a second stick on parameter what is the behavior you expect? Will >> it use src ip if no X-Forwarded-For header is present (our desired >> behavior)? >> >> >> >> Thanks, >> >> Trent >> >> >> >> From: Andrew Smalley [mailto:asmal...@loadbalancer.org] >> Sent: Tuesday, July 25, 2017 12:54 PM >> To: Trenton Dyck >> Cc: Aleksandar Lazic; haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> >> >> Hi Trenton >> >> I hope the below example will help you with X-Forward-For + Stick table + >> replication >> >> listen VIP_Name >> >> bind 192.168.100.50:65435 transparent >> >> mode http >> >> balance roundrobin >> >> option forwardfor if-none >> >> stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF >> header back one place in the list. >> >> stick on src >> >> stick-table type string len 64 size 10240k expire 30m peers >> loadbalancer_replication >> >> server backup 127.0.0.1:9081 backup non-stick >> >> option http-keep-alive >> >> timeout http-request 5s >> >> option redispatch >> >> option abortonclose >> >> maxconn 40000 >> >> server RIP_Name 192.168.100.200:80 weight 100 check inter 500 rise >> 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 >> rise 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> >> Andruw Smalley >> >> Loadbalancer.org Ltd. >> >> www.loadbalancer.org >> >> +1 888 867 9504 / +44 (0)330 380 1064 >> >> asmal...@loadbalancer.org >> >> Leave a Review | Deployment Guides | Blog >> >> >> >> On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> >> wrote: >> >> Hi Alek, >> >> I want to balance via round-robin, but I want stick-tables to use the >> X-Forwarded-For header instead of src ip. It makes sense in our use case >> because a vast majority of our clients are behind a NAT and have the same >> source IP, but the X-Forwarded-For header is unique to them. >> >> Thanks, >> Trent >> >> >> -----Original Message----- >> From: Aleksandar Lazic [mailto:al-hapr...@none.at] >> Sent: Tuesday, July 25, 2017 11:20 AM >> To: Trenton Dyck >> Cc: haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> Hi Trenton, >> >> Trenton Dyck wrote on 25.07.2017: >> >> > Hi, >> > >> > Is it possible to balance, via X-Forwarded-For header? We have come >> > across an issue with sticky-sessions and server weight that I can't >> > seem to find the answer to online (Unbalanced traffic). I think >> > stick-tables with this acl option would be nice to have for a future >> > version. >> >> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance >> >> Something like this >> >> balance hdr(X-Forwarded-For) >> >> Does it make sense to balance based on this header?! >> What's the issue you want to solve? >> >> What do you mean with "stick-tables with this acl option"? >> >> > Please keep met CCed for responses since I'm not subscribed. >> > >> > Thanks, >> > >> > Trent >> >> -- >> Best Regards >> Aleks >> >> > >
