On Mon, Aug 29, 2011 at 12:22:18PM -0700, David Birdsong wrote:
> On Sat, Aug 27, 2011 at 5:26 AM, Willy Tarreau <w#1wt.eu> wrote:
> > Hi David,
> >
> > On Thu, Aug 25, 2011 at 12:28:43PM -0700, David Birdsong wrote:
> >> I've poured over 1.5 docs, and I'm pretty sure this should be
> >> possible. Is there a way to extract a header string from an http
> >> header and track that in a stick-table of type 'string'? If so, what
> >> is the syntax, where does the extraction take place?
> >
> > Right now it's not implemented, as the track-sc1 statement is only
> > available at the TCP stage. I'm clearly thinking about having it
> > before 1.5 is released, because at many places it's much more
> > important than the source IP itself.
>
> Ok, thanks for the clarification. Is there a way to cast a header as
> an ip and track-sc1? In our setup we're terminating SSL in front of
> haproxy and so only the XFF header has the client ip address.
I understand the issue, it's the same everyone is facing when trying to do the same thing unfortunately :-(
If you use a patched stunnel version which supports the PROXY protocol, then you can have the client's IP available as soon as "tcp-request content" rules are processed. Those rules support "track-sc1" so you can do what you want at this level. It requires a patch on stunnel however, but it should not be an issue since you appear to be using the XFF patch.
Regards,
Willy
Received on 2011/08/29 22:36
This archive was generated by hypermail 2.2.0 : 2011/08/29 22:45 CEST