Hello!
With option forwardfor, haproxy adds X-Forwarded-For header at the end
of header list.
But according to wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
and other HTTP proxies (say, nginx)
there is standard format to specify several intermediate IP addresses:
X-Forwarded-For:
I'm not sure if this is a bug in HAProxy, or if upgrading HAProxy to 1.4 has
uncovered a bug in my application.
I am developing a web app that uses long polling. I'm proxying its requests
through haproxy. I've noticed that when reload the page in the browser
(which presumably severs the
Hi Cory,
On Thu, Mar 24, 2011 at 01:10:49PM -0400, Cory Forsyth wrote:
I'm not sure if this is a bug in HAProxy, or if upgrading HAProxy to 1.4 has
uncovered a bug in my application.
I am developing a web app that uses long polling. I'm proxying its requests
through haproxy. I've noticed
Hi Charles,
On Thu, Mar 24, 2011 at 05:14:09PM +, Charles Duffy wrote:
Howdy!
I'm using HAProxy in TCP mode to redirect traffic to my database servers,
with a HTTP check to filter for servers appropriate to each pool -- a
master pool (of only one server, the identity of which may
Hello Dmitry,
On Thu, Mar 24, 2011 at 05:28:13PM +0300, Dmitry Sivachenko wrote:
Hello!
With option forwardfor, haproxy adds X-Forwarded-For header at the end
of header list.
But according to wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
and other HTTP proxies (say, nginx)
I know there have been several emails about this, but what is the most
secure way of logging the client's IP address in the application code?
Do you just log the full X-Forwarded-For comma delimited value?
Also, can't they manipulate the X-Forwarded-For header in the HTTP
request?
Regards,
On Thu, Mar 24, 2011 at 4:35 PM, bradford fingerm...@gmail.com wrote:
I know there have been several emails about this, but what is the most
secure way of logging the client's IP address in the application code?
Do you just log the full X-Forwarded-For comma delimited value?
Also, can't they
On Thu, Mar 24, 2011 at 5:01 PM, Ben Timby bti...@gmail.com wrote:
Delete any existing headers using reqdel/reqidel.
reqidel X-Forwarded-For
option forwardfor
This will ensure the only one the backed sees is the one you added.
Sorry, more like:
reqidel ^X-Forwarded-For:.*
Found that in
I don't think you'll find NAT capabilities in any proxy. I think a
fair distinction between a proxy and a NAT device is:
- a proxy actually listens and will call accept to create a separate
socket connection with both client and server
- a NATing device doesn't know about sockets at all and will
Hi David,
I'd argue HAProxy is more of a L4-7 load balancer than just a proxy, and
that's what we're trying to use it as on L4.
The functionality I need to replace is Half-NAT in a hardware load balancer:
Select a backend server according to the SLB algorithm and rewrite the
destination address
On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hi All,
I'm trying to find documentation on configuring HAProxy to do half-NAT, but
can't seem to find any. Does HAProxy not support half-NAT or does it call it
something else? Thank you in advance for your
On Thu, Mar 24, 2011 at 04:35:57PM -0400, bradford wrote:
I know there have been several emails about this, but what is the most
secure way of logging the client's IP address in the application code?
Do you just log the full X-Forwarded-For comma delimited value?
Also, can't they manipulate
On Thu, Mar 24, 2011 at 5:27 PM, Ben Timby bti...@gmail.com wrote:
On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hi All,
I'm trying to find documentation on configuring HAProxy to do half-NAT, but
can't seem to find any. Does HAProxy not support
, haproxy
is reconnecting to IP 0.0.0.0 on the target port. IP 0.0.0.0 is
any IP, and the system connects to whatever IP it is listening
on. Thus you have a loop.
I merged the fix into the git tree, it is in the 20110324 snapshot
if you want to give it a try again.
I need to quickly release an 1.5-dev5
On Thu, Mar 24, 2011 at 05:59:50PM -0400, David Birdsong wrote:
On Thu, Mar 24, 2011 at 5:27 PM, Ben Timby bti...@gmail.com wrote:
On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hi All,
I'm trying to find documentation on configuring HAProxy to do
Hi Dorin,
On Wed, Mar 23, 2011 at 10:15:32AM -0700, Dorin Cornea wrote:
Hey guys,
I would like to set up HAProxy to forward HTTP requests to several backend
servers but I need it to also rewrite the URI part based on the Host header.
I've read through the doc but it seems that reqirep isn't
Hello James,
On Wed, Mar 23, 2011 at 05:03:31PM -0400, James Bardin wrote:
Hello,
I've been going through haproxy in depth recently, but I can't quite
figure out the details with full, min, and maxconn.
Aie, I hate to explain that, it's complex, I explain it badly and after
that, people
Hi Bryan,
On Wed, Mar 23, 2011 at 09:27:01PM +, Cassidy, Bryan wrote:
Hi all,
I've noticed an odd (lack of) interaction between maxconn and option
httpchk...
If a server's maxconn limit has been reached, it appears that HTTP health
checks are still dispatched. If I've configured
connects to whatever IP it is listening
on. Thus you have a loop.
Great, thanks Willy. I must have missed that one on the list.
I merged the fix into the git tree, it is in the 20110324 snapshot
if you want to give it a try again.
I need to quickly release an 1.5-dev5 with this fix, but as I
If you mean something like half-NAT described below...
http://lbwiki.com/index.php/NAT
That's exactly what I mean by half-NAT.
Then you are looking for the TPROXY support of HAProxy...
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Anyway the purist in me will say that this is not NAT, as there is no
relation between the packets of each side, this is still proxying but
with spoofed addresses.
Hey, I don't care what HAProxy wants to call it...y'all have it is all that
matters for me. :)
I just come from a traditional
On Thu, Mar 24, 2011 at 4:14 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Anyway the purist in me will say that this is not NAT, as there is no
relation between the packets of each side, this is still proxying but
with spoofed addresses.
Hey, I don't care what HAProxy wants to
somebody wanna make it do DSR next? :)
-r
Just from a cursory look, that seems like something TPROXY would need to be
extended to support and then HAProxy could leverage it. Should only take a
weekend right? ;)
-J
On Thu, Mar 24, 2011 at 05:14:29PM -0600, Jason J. W. Williams wrote:
Anyway the purist in me will say that this is not NAT, as there is no
relation between the packets of each side, this is still proxying but
with spoofed addresses.
Hey, I don't care what HAProxy wants to call
On Thu, Mar 24, 2011 at 05:41:56PM -0600, Jason J. W. Williams wrote:
somebody wanna make it do DSR next? :)
-r
Just from a cursory look, that seems like something TPROXY would need to be
extended to support and then HAProxy could leverage it. Should only take a
weekend right? ;)
25 matches
Mail list logo