RE: x-forwarded-for and server side keep alive

From: Brian Carpio <>
Date: Tue, 12 Apr 2011 13:53:49 -0700

From the documentation

  It is important to note that as long as HAProxy does not support keep-alive   connections, only the first request of a connection will receive the header.   For this reason, it is important to ensure that "option httpclose" is set   when using this option.

  Examples :
# Public HTTP address also used by stunnel on the same machine
    frontend www

        mode http
        option forwardfor except  # stunnel already adds the header

# Those servers want the IP Address in X-Client
    backend www

        mode http
        option forwardfor header X-Client

  See also : "option httpclose"

Brian Carpio
Senior Systems Engineer

Office: +1.303.962.7242
Mobile: +1.720.319.8617

-----Original Message-----
From: Julien Vehent [] Sent: Tuesday, April 12, 2011 1:55 PM
To: Haproxy
Subject: x-forwarded-for and server side keep alive

 Hi there,

 I browsed the list to look for an answer to this question, without success, so I hope you can help me on this.

 I want to use Haproxy in front of Tomcat. I need to get the client's IP, so I logically activated 'option forwardfor', which works fine.

 I also want server-side keepalive. And this is when I discovered that Haproxy sends the x-forwarded-for header with the first request of the keep-alived connection only.  It seems that tomcat 6.0.32 (that we use) cannot remember the x-forwarded-for value across multiple requests. So we would need to send the header with every request.

 My first question is: does anybody see anything wrong with those assumptions ?

 Then: is there a way to have x-forwarded-for added to each request without giving up on server-side keep alive ?

 Julien Received on 2011/04/12 22:53

This archive was generated by hypermail 2.2.0 : 2011/04/12 23:00 CEST