On Thu, 20 Dec 2007, Jean-Baptiste Quenot wrote:
> Hi there,
Hi,
> I'm using the forwardfor option so that haproxy adds the originating
> IP in the X-Forwarded-For http request header. This works great, but
> sometimes the request already has an X-Forwarded-For header, and ip
> addresses get appended, like:
>
> X-Forwarded-For: 1.2.3.4, 2.3.4.5, 3.4.5.6
As far as I know haproxy adds additional X-Forwarded-For headers, so it would rather look like:
X-Forwarded-For: 1.2.3.4 X-Forwarded-For: 1.2.3.5 X-Forwarded-For: 3.4.5.6
> As multiple values are impractical to handle in Apache and awstats, do
> you think it makes sense to add an option in haproxy so that the
> X-Forwarded-For header is replaced instead?
I handled this by:
option forwardfor
reqirep ^(X-Forwarded-For:)(.*) X-Forwarded-For2:\2
However, this does not work well with https connections, when it is stunnel not haproxy that adds X-Forwarded-For. I had been thinking about adding a possibility to rename everything except first/last header but as I get stuck with other tasks lately I haven't tuch this problem yet.
Best regards,
Krzysztof Olędzki Received on 2007/12/20 13:38
This archive was generated by hypermail 2.2.0 : 2007/12/20 13:45 CET