Re: HaProxy - need calculations about numbers of x-forwarded-for

From: Willy Tarreau <w#1wt.eu>
Date: Thu, 10 Jul 2008 06:20:17 +0200


Hi George,

On Mon, Jul 07, 2008 at 02:28:01PM +0300, Georgi Georgiev wrote:
> Hi to all,
>
> I'm using stunnel and Haproxy. I'm wondering how many x-forwarded-for will
> exist if the client is coming from a proxy (like squid)?
>
> If it's only one, what will happen to the original client IP?

stunnel will just concatenate x-forwarded-for after existing one(s), and haproxy will do the same. So at the end, your server might very well see a list of x-forwarded-for headers (as is already the case with stacked proxies).

It is a pretty annoying header to manipulate, because you have to use it reversed: in your infrastructure, you know that you want header[last], header[last-1] or header[last-2] etc., depending on the number of proxies you pass through before reaching your application.

You can tell haproxy not to add one for some source networks, and this is typically used with SSL reverse-proxies. This way, you can ensure that your application will only have to care about the last one and nothing else.

Regards,
Willy

Received on 2008/07/10 06:20
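
The right-to-left indexing described in the message above, as an added example that is not part of the original message or of haproxy/stunnel. The function names, the `own_appenders` parameter and the sample addresses are assumptions made for illustration; it selects the entry written by the outermost proxy you operate and treats everything to its left as unverified.

```python
import ipaddress

def flatten_xff(header_values):
    """Merge repeated X-Forwarded-For lines into one list, oldest entry first."""
    hops = []
    for value in header_values:
        hops.extend(part.strip() for part in value.split(",") if part.strip())
    return hops

def select_client(header_values, own_appenders):
    """Pick the entry written by the outermost proxy we operate.

    own_appenders (hypothetical parameter): how many of our own proxies
    append an entry, e.g. 2 for stunnel + haproxy, or 1 when haproxy is
    told not to add one for stunnel's source network.
    Returns (trusted_ip, unverified_entries). trusted_ip is None when the
    list is shorter than expected or the selected entry is not an IP.
    """
    hops = flatten_xff(header_values)
    if own_appenders < 1 or len(hops) < own_appenders:
        return None, hops
    candidate = hops[-own_appenders]  # header[last], header[last-1], ...
    try:
        trusted = str(ipaddress.ip_address(candidate))
    except ValueError:
        return None, hops
    # Entries to the left were supplied by the client or by proxies we do
    # not control, so they are claims, not facts.
    return trusted, hops[:-own_appenders]

# Constructed sample: client 198.51.100.23 behind a squid at 203.0.113.7,
# then stunnel and haproxy on one host (haproxy sees stunnel as 127.0.0.1).
VIA_SQUID = ["198.51.100.23", "203.0.113.7", "127.0.0.1"]
# Constructed sample: same path, but the client also sent its own header.
FORGED = ["10.0.0.1, 198.51.100.23", "203.0.113.7", "127.0.0.1"]
# Constructed sample: haproxy adds nothing for stunnel's source network.
HAPROXY_SKIPS = ["198.51.100.23", "203.0.113.7"]

if __name__ == "__main__":
    for name, headers, n in (("via squid", VIA_SQUID, 2),
                             ("forged", FORGED, 2),
                             ("haproxy skips", HAPROXY_SKIPS, 1)):
        print(name, select_client(headers, n))
```
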
