Re: Public ip not showing using HAproxy

From: Joseph Hardeman <jhardeman#colocube.com>
Date: Sun, 07 Jun 2009 23:21:05 -0400


Hi Nelson,

You need to enable the forwardfor option, put "option forwardfor" in the listen section.

The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which contains the client's IP address. So you will need to configure your web server to capture the X-Forwarded-For header and then you will need to modify your Java app to then see that.

For instance in Apache, you can set LogFormat in Apache configuration file as follows:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

This was from a previous email I have in my email. *S* But that is an example of how to setup logging to capture the X-Forwarded-For header in the Apache Logs. With IIS, seeing your naming below I am not sure how you would capture the header.

Hope this helps.

Joe

Nelson Serafica wrote:
> I just installed HAProxy. We have a java program that will check the
> public ip address of the client who are viewing the web page.
>
> But when I use HAProxy, it is no more showing the public ip address.
> Instead, the ip shown was the ip address of the back end servers (e.g.
> 10.0.10.4 and 10.0.10.5). Since HAProxy is only use for proxying, I
> believe it should work. I'm new to HAProxy so I'm asking you guys if
> you knew some solutions to my problem. I have installed haproxy and
> was satisfied with it.
>
> Here is my HAproxy cfg
>
> listen NT_SERVERS 111.222.333.444:80
> mode http
> balance roundrobin
> cookie igx insert
> server NT1 10.0.10.4:80 <http://10.0.10.4:80> cookie nt1
> maxconn 2500 check
> server NT2 10.0.10.5:80 <http://10.0.10.5:80> cookie nt2
> maxconn 2500 check
> stats uri /my_stats
> stats realm Global\ statistics
> stats auth admin:password
> global
>
> maxconn 10000 # Total Max
> Connections.
> log 127.0.0.1
> local0
>
> log 127.0.0.1 local1
> notice
>
> daemon
>
> nbproc 1 # Number of
> processes
> user
> haproxy
>
> group
> haproxy
>
> chroot /var/chroot/haproxy
>
>
> defaults
>
> log
> global
>
> option
> httplog
>
> mode
> tcp
>
> clitimeout
> 60000
>
> srvtimeout
> 30000
>
> contimeout
> 4000
>
> retries
> 3
>
>
> redispatch
>
> option httpclose
>
>
> TIA
 >
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. 

-- 
This message has been scanned for viruses by Colocube's AV Scanner
Received on 2009/06/08 05:21

This archive was generated by hypermail 2.2.0 : 2009/06/08 05:30 CEST