Hi Arnall,

On Tue, Jul 21, 2020 at 01:27:31PM +0200, Arnall wrote:
> Hello everyone,
> 
> I remember that in the past it was strongly discouraged to use http-reuse in
> combination with send-proxy, because of the client IP which is provided by
> the proxy protocol.
> 
> I have this configuration:
> 
> HA-Proxy version 2.0.14-1~bpo9+1 2020/04/16 - https://haproxy.org/
> 
> defaults
>     http-reuse always
> 
> backend abuse
>     timeout server 60s
>     balance roundrobin
>     hash-balance-factor 0
>     server s_abuse [email protected] send-proxy-v2 maxconn 4
> 
> listen l_abuse
>     bind [email protected] accept-proxy
>     http-request set-var(req.delay) int(500)
>     http-request lua.add_delay
>     server xxxx 192.168.000.aaa:80 maxconn 1
>     server yyyy 192.168.000.bbb:80  maxconn 1
>     server zzzzz 192.168.000.ccc:80  maxconn 1
> 
> Is it OK? Because I have no warning when verifying the configuration, or
> should I add a "http-reuse never" in "backend abuse"?

It is now properly dealt with, by marking the connection private, which
means it will not be shared at all. So what you'll see simply is that
there is no reuse for connections employing send-proxy. So your config
is safe, but you will just not benefit from the reuse.

Anyway it's generally not a good idea to use proxy protocol over HTTP
from an HTTP-aware agent. Better use Forwarded/X-Forwarded-For that passes
the info per request and that nowadays everyone can consume.

Regards,
Willy
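
The difference discussed in this thread, as an added example that is not part of the original messages and not HAProxy code: a PROXY header describes the whole connection, while X-Forwarded-For travels with each request. The simulation uses the text (v1) PROXY header for readability rather than the binary v2 form from the configuration; all function names and addresses are constructed for illustration.

```python
"""Constructed simulation: client IP per connection (PROXY) vs per request (XFF)."""

def parse_proxy_v1(line: bytes) -> str:
    # "PROXY TCP4 <src> <dst> <sport> <dport>" -> source address
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 6 or parts[0] != b"PROXY" or parts[1] not in (b"TCP4", b"TCP6"):
        raise ValueError("malformed PROXY v1 header")
    return parts[2].decode()

def proxy_header(client_ip: str) -> bytes:
    return f"PROXY TCP4 {client_ip} 192.0.2.10 40000 80\r\n".encode()

def request(path: str, client_ip: str) -> bytes:
    return (f"GET {path} HTTP/1.1\r\nHost: example.test\r\n"
            f"X-Forwarded-For: {client_ip}\r\n\r\n").encode()

def backend_view(stream: bytes):
    """Return [(path, ip_from_proxy_header, ip_from_xff)] for one server connection."""
    header, _, rest = stream.partition(b"\r\n")
    conn_ip = parse_proxy_v1(header)  # read once, when the connection opens
    seen = []
    for raw in rest.split(b"\r\n\r\n"):
        if not raw:
            continue
        lines = raw.decode().split("\r\n")
        path = lines[0].split(" ")[1]
        headers = dict(l.split(": ", 1) for l in lines[1:])
        seen.append((path, conn_ip, headers.get("X-Forwarded-For")))
    return seen

CLIENT_A, CLIENT_B = "198.51.100.7", "203.0.113.9"  # constructed sample addresses

def shared_connection():
    # Hypothetical unsafe case: the connection opened for A is reused for B.
    return backend_view(proxy_header(CLIENT_A)
                        + request("/a", CLIENT_A) + request("/b", CLIENT_B))

def private_connections():
    # Behaviour described in the reply: the connection is private, B gets its own.
    return (backend_view(proxy_header(CLIENT_A) + request("/a", CLIENT_A))
            + backend_view(proxy_header(CLIENT_B) + request("/b", CLIENT_B)))

if __name__ == "__main__":
    for label, rows in (("shared", shared_connection()),
                        ("private", private_connections())):
        for path, by_proxy, by_xff in rows:
            print(f"{label:8} {path}  PROXY={by_proxy}  XFF={by_xff}")
```

The X-Forwarded-For value is only trustworthy when the receiving server accepts it solely from its own proxy and that proxy sets or overwrites it.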
