Re: Get http connection client/server ip/port

Fri, 05 Jul 2019 12:55:46 -0700 

Hi Jarno,

thanks for answer.
I tried to run the haproxy in debug mode, but I do not see the request headers 
for the upstream in the log.

But I have found some new facts.

Test these 2 scenarios, at this moment there is no valid certs

http://web01.test.host.sk/test.php <http://web01.test.host.sk/test.php>
https://web01.test.host.sk/test.php

look for the
X_SERVER_IP
X_SERVER_PORT
X_CLIENT_IP
X_CLIENT_PORT

See the difference?
For the HTTP, the values are correct, for HTTPS not.

I’m running RH SCL HAPROXY. I could try to compile newer version or are there 
any for CentOS7?

        regards
                Peter




> On 4 Jul 2019, at 18:42, Jarno Huuskonen <jarno.huusko...@uef.fi> wrote:
> 
> Hi,
> 
> On Thu, Jul 04, Peter Hudec wrote:
>> I have maybe found some bug in haproxy, submitted as 
>> https://github.com/haproxy/haproxy/issues/154 
>> <https://github.com/haproxy/haproxy/issues/154>.
> 
> 1.8.4 is fairly old, can you reproduce on more recent 1.8.x or latest 2.0.x ?
> 
>> The variables dst, dst_port are identical with the src, src_port.
>> 
>> Is there any other way how to get these /in this case dst/ values ??
>> 
>> What do I need is ..
>> 
>>    http-request set-header X-Server-IP %[dst]
>>    http-request set-header X-Server-Port %[dst_port]
>>    http-request set-header X-Client-IP %[src]
>>    http-request set-header X-Client-Port %[src_port]
>> 
>> result is ;(
>> 
>>  'HTTP_X_CLIENT_PORT' => '22696',
>>  'HTTP_X_CLIENT_IP' => '217.73.20.190',
>>  'HTTP_X_SERVER_PORT' => '22696',
>>  'HTTP_X_SERVER_IP' => '217.73.20.190’,
> 
> With this simple test config dst, dst_port etc. seem to work for me, does
> this config work for you ?
> 
> global
>       stats socket /tmp/stats level admin
> 
> defaults
>       mode http
>       log global
>       option httplog
> 
> frontend test
>       bind :8080
> 
>       default_backend test_be
> 
> backend test_be
>    http-request set-header X-Server-IP %[dst]
>    http-request set-header X-Server-Port %[dst_port]
>    http-request set-header X-Client-IP %[src]
>    http-request set-header X-Client-Port %[src_port]
> 
>       server srv1 127.0.0.1:9000 id 1
> 
> listen yeah
>       bind ipv4@127.0.0.1 <mailto:ipv4@127.0.0.1>:9000
>       http-request deny deny_status 200
> 
> run with for example haproxy -d -f tmp.conf and
> curl http://127.0.0.1:8080 <http://127.0.0.1:8080/> and you should see the 
> headers from haproxy debug
> output.
> 
> -Jarno
> 
> -- 
> Jarno Huuskonen

Reply via email to