On Tue, Jun 16, 2009 at 04:06:36PM +0100, Sigurd Høgsbro wrote:
> Hello all,
>
> I'm trying to deploy haproxy as a replacement for the proxy-module in
> lighttpd 1.5svn (not yet released), and have managed to mostly configure
> it to my desires.
>
> I'm having problems getting haproxy to recognise all the RFC1918
> networks as exception subnets - what is the correct syntax to exclude
> all of the 10/8, 172.16/12, 192.168/16 networks from X-Forwarded-For
> header rewriting for a given frontend? Below is the start of my frontend
> stanza.
>
> Cheers,
>
> Sigurd
>
> listen http
> bind :80
> mode http
> option httpclose
> option forwardfor except 10.0.0.0/8
> option forwardfor except 172.16.0.0/12
> option forwardfor except 192.168.0.0/16
Only one network can be specified, so the last entry overrides the previous ones.
I think it would not be too hard to implement ACL-based "option forwardfor {if|unless} <rule>", which would solve your issue once and for all. Anyone interested in working on it?
In the meantime I have another solution. You can do that using two distinct backends:
frontend http
    bind :80
    mode http
    option httpclose
    acl private src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    use_backend http-private if private
    default_backend http-public

backend http-public
    mode http
    option forwardfor
    ...

backend http-private
    mode http
    ...
Regards,
Willy
Received on 2009/06/26 03:01
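
A lint check for the behaviour described in the reply above, where only the last "option forwardfor except" line in a section takes effect. This is an added example, not part of the original thread or of HAProxy; the function names are hypothetical, the sample text is constructed from the question's stanza, and only the "option forwardfor except <network>" form quoted in this thread is parsed.

```python
import ipaddress
import re

SECTION_RE = re.compile(r"^(listen|frontend|backend|defaults)\b\s*(\S*)")
EXCEPT_RE = re.compile(r"^option\s+forwardfor\s+except\s+(\S+)")

# Constructed sample: the "listen" stanza from the question above.
SAMPLE = """\
listen http
    bind :80
    mode http
    option httpclose
    option forwardfor except 10.0.0.0/8
    option forwardfor except 172.16.0.0/12
    option forwardfor except 192.168.0.0/16
"""

def forwardfor_exceptions(config_text):
    """Map each proxy section to the 'except' networks it declares, in file order."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}".strip()
            sections.setdefault(current, [])
            continue
        m = EXCEPT_RE.match(line)
        if m and current is not None:
            sections[current].append(ipaddress.ip_network(m.group(1), strict=False))
    return sections

def shadowed_exceptions(config_text):
    """Return {section: (effective_net, ignored_nets)} where several except lines exist."""
    return {
        section: (nets[-1], nets[:-1])
        for section, nets in forwardfor_exceptions(config_text).items()
        if len(nets) > 1
    }

def is_exempt(config_text, section, client_ip):
    """True if client_ip falls in the one network that is actually honoured (the last)."""
    nets = forwardfor_exceptions(config_text).get(section, [])
    return bool(nets) and ipaddress.ip_address(client_ip) in nets[-1]
```

Run against the stanza from the question, it reports 192.168.0.0/16 as the only honoured exception and lists 10.0.0.0/8 and 172.16.0.0/12 as ignored, so clients in those two ranges still get the header added.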