Re: ipv6 implementation forwardfor except

From: Mike Hoffs <m.hoffs#mijn-sleutel.com>
Date: Sun, 17 Oct 2010 21:15:18 +0200


> Hi Mike,
>
> > Is it possible to implement at forwardfor except ipv6 ?
>
> It should not be hard to do. However, as noted in the source, it's a bit
> useless, because while IPv6 is used over the net, it's particularly rare
> on the local network, and the "except" keyword is only used to reference
> your local SSL proxies. Most often, it will only contain 127.0.0.0/8 or
> your local LAN address.

I know, but then we need two entries for haproxy for one single ipv6 address that we tunnel to ipv4.

>
> > Now it is only possible to except an ipv4 address. If that is possible we
> can also make the legacy stuff with ssl ipv6 reachable.
>
> In my opinion, this is independent. You can very well have your SSL reverse
> proxy receive IPv6 traffic and forward it to haproxy on 127.0.0.1 (IPv4).
>
> Do you have a concrete example where it's really needed ?

Yes;

Haproxy is configured to listen on ipv6 at port 80, both should be reachable (80 & 443). With stunnel we capture 443 traffic, and tunnel it to the single entry in haproxy. Haproxy is configured with forwardfor, stunnel also. Now we have 2 ipv6 in the headers, and it would be nice to except the local ipv6. With the solution to handle it on the local ipv4 should do the trick but with many ssl hosts it's a bit messy. With single entry we keep the haproxy config clean.

> Regards,
> Willy

regards,
Mike