Re: "transparent mode"

From: ÕŹãÁú <glzhang#gmail.com>
Date: Fri, 10 Jun 2011 16:20:15 +0800


Hi Robert,

You can develop a netfilter module to change src ipaddr from haproxy's self ip to client ipaddr for backend servers.

But this solution may decrease the whole performance of the haproxy box by about 20%.

This is a reference:

http://www.zeus.com/community/extensions/zeus-kernel-modules-linux

James Zhang

2011/6/10 Willy Tarreau <w#1wt.eu>:
> Hi Robert,
>
> On Thu, Jun 09, 2011 at 04:23:46PM -0400, Robert Lassiter wrote:
>> I am sure it's been asked before, I can find some vague references on how to accomplish this but nothing that does not include recompiling the kernel. I think these posts are out of date. So, sorry in advance but here's the question. I have about 1000 listen (groups) and need to pass the client IP to the physical server that receives the http request. And this is all HTTP, nothing else...
>
> If it's HTTP, then "option forwardfor" is preferred. It adds the well known
> "X-Forwarded-For" header in the request and the servers will be able to use
> it to retrieve the client's IP address. There are modules for virtually every
> server to use it, check mod_rpaf for Apache.
>
> If you want to enable transparent mode, you'll have to use a very recent
> kernel (or a patched one), make a non-trivial configuration, and change
> all of your servers' routing so that their default gateway becomes the
> machine running haproxy, because the return traffic must pass there too.
>
> Quite frankly, if you manage the web servers yourself, the best solution
> is the X-Forwarded-For header !
>
> Regards,
> Willy
>
>
Received on 2011/06/10 10:20
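
An added example, not part of the original thread: how a backend can read the client address from the X-Forwarded-For header set by "option forwardfor" without trusting values the client itself supplied. haproxy appends its header after any the client sent, so only the last entry is reliable, and only when the connection really comes from the proxy. The proxy address 10.0.0.5 and the function names are assumptions for illustration; the walk past several trusted proxies generalizes beyond the single-haproxy setup discussed above.

```python
import ipaddress

# Assumed address of the haproxy box as seen by the backend (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Return the client IP a backend should log or use for access control.

    peer_addr: source address of the TCP connection.
    headers:   list of (name, value) tuples in the order received.
    """
    peer = ipaddress.ip_address(peer_addr)
    # A connection that bypasses the proxy gets no say: ignore its header.
    if not _is_trusted(peer):
        return str(peer)

    # Flatten every X-Forwarded-For line, in order, into one list of entries.
    hops = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            hops.extend(p.strip() for p in value.split(",") if p.strip())

    # Walk from the right: the last entry is what the trusted proxy appended;
    # anything to its left was supplied by the client and may be forged.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain here
        if not _is_trusted(addr):
            return str(addr)
        peer = addr  # entry is itself a trusted proxy; keep walking left
    return str(peer)
```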
