I would rather say, patch haproxy so that it not only sends
x-forwarded-for but also x-forwarded-for-sourceport.
Patrick
On Sat, Jan 31, 2009 at 4:48 AM, John Lauro <john.lauro#covenanteyes.com> wrote:
> Hello,
>
>
>
> Running mode tcp in case that makes a difference for any comments, as I know
> there are others options for http…
>
>
>
> I need to preserve for auditing the IP address of the clients and be able to
> associate it with a session. One problem, it appears the client IP and port
> are logged, however it appears that only the final server is logged, but not
> the source port for the outgoing connection. In theory, assuming ntp in
> sync, I should be able to tie the logs together if I had the port number
> that was used in the outgoing connection. Is there some way to turn this
> on, or am I just missing it from the logged line?
>
>
>
> The other option appears to be to setup haproxy act transparently. This
> appears to be rather involved and sparse on details. Based on examples I
> found on using squid with it, it appears to be more involved then just
> updating kernel. If anyone can post some hints on their setup with haproxy
> (sample config files and sample iptables (or are they not required)) that
> would be great. If there is a yum repository with a patched kernel and
> other bits ready to install that would be even better.
>
>
>
> In some ways it looks rather messy to setup and support, but IP tracking is
> important.
>
>
>
>
>
>
Received on 2009/02/01 04:38
This archive was generated by hypermail 2.2.0 : 2009/02/01 04:45 CET