Hello,
I've got a big chunk of time free and would like to scratch my own itch by
implementing the PROXY protocol, as defined at this URL:
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
My thoughts are to initially implement version 1 of the protocol as part of the
HTTP server component. This will allow SSL frontends such as stunnel to pass
through client IP information, a feature that seems to be often requested.
I'm completely new to the Varnish source; after having a little look today I
assume that a VMOD will not be possible due to the integration required into
the HTTP parser.
On first look, I'm thinking of a detection hook in http1_detect(), although
I'd have to figure out some way to indicate that it's the first http request
handled on a new connection. If a PROXY line is detected, the code would put
the source/destination IP addresses and ports into new variables (maybe
something like proxy.source_ip, proxy.dest_ip, proxy.source_port,
proxy.dest_port) and leave it up to the user to build an X-Forwarded-For header
in VCL should they wish (after checking that client.ip is trusted.)
Detecting the PROXY line should just be a single memcmp; I'm not sure whether
the community would want this feature to be able to be manually enabled and
disabled.
Is anyone else currently working on this? Does this idea and general strategy
seem sound?
Thanks for your help and suggestions.
Roger
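
The detection and parsing step described in the message above, written out as an added example; it is not code from the original post or from Varnish. The names `proxy_v1_parse` and `struct proxy_info` are hypothetical, and the sketch assumes the caller has buffered the first read of a new connection and only calls it when the peer address is a trusted proxy.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

#define PROXY_V1_MAX 107 /* longest legal v1 line, CRLF included */
struct proxy_info {      /* hypothetical struct, not a Varnish type */
    int family;          /* AF_INET, AF_INET6, or AF_UNSPEC for "UNKNOWN" */
    char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
    unsigned src_port, dst_port;
};

static int parse_addr(int af, const char *s, char *out) {
    unsigned char bin[sizeof(struct in6_addr)]; /* round-trip: keep canonical text */
    return (inet_pton(af, s, bin) == 1 &&
            inet_ntop(af, bin, out, INET6_ADDRSTRLEN) != NULL) ? 0 : -1;
}

static int parse_port(const char *s, unsigned *out) {
    char *end;
    if (*s < '0' || *s > '9' || (*s == '0' && s[1])) return -1; /* no leading 0 */
    unsigned long v = strtoul(s, &end, 10);
    if (*end != '\0' || v > 65535) return -1;
    *out = (unsigned)v;
    return 0;
}

/* Hypothetical helper. Returns bytes to skip (header plus CRLF), 0 if buf
 * does not start with "PROXY ", -1 if the header is malformed or lacks CRLF. */
int proxy_v1_parse(const char *buf, size_t len, struct proxy_info *pi) {
    char line[PROXY_V1_MAX + 1] = "", *f[6] = { line };
    size_t n = 1, eol = 0, lim = len < PROXY_V1_MAX ? len : PROXY_V1_MAX;
    if (len < 6 || memcmp(buf, "PROXY ", 6) != 0) return 0;
    for (size_t i = 6; i + 1 < lim && !eol; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n') eol = i;
    if (!eol || memchr(buf, '\0', eol)) return -1; /* no CRLF, or NUL byte */
    memcpy(line, buf, eol);
    pi->family = AF_UNSPEC;
    if (!strncmp(line + 6, "UNKNOWN", 7) && (line[13] == ' ' || !line[13]))
        return (int)eol + 2; /* anything after UNKNOWN is ignored */
    for (char *p = line; (p = strchr(p, ' ')) != NULL; f[n++] = p) {
        if (n == 6) return -1; /* too many fields */
        *p++ = '\0';
    }
    if (n != 6 || (strcmp(f[1], "TCP4") && strcmp(f[1], "TCP6"))) return -1;
    pi->family = f[1][3] == '4' ? AF_INET : AF_INET6;
    return (parse_addr(pi->family, f[2], pi->src) || parse_port(f[4], &pi->src_port) ||
            parse_addr(pi->family, f[3], pi->dst) || parse_port(f[5], &pi->dst_port))
           ? -1 : (int)eol + 2;
}
```

A return of -1 should close the connection rather than fall through to the HTTP parser, so a malformed header can never be mistaken for request data.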