1

Is there any way that I can use Haproxy's ability to modify headers so that if the incoming connection has an X-Forwarded-For header for example I can then take the contents of this and add it into Haproxy's X-Forwarded-For record?

My Current Scenario is a client has setup the following:

  • CloudFlare Takes Connection, sets X-Forwarded-For and connects to Haproxy frontend
  • Haproxy then handles this connection and sets the X-Forwarded-For based on the true IP for the connection received (CloudFlares IP Address)
  • Server receives this request and the X-Forwarded-For entry contains the IP of the CloudFlare proxy rather than the true Client IP.
Caleb
  • 11,583
  • 4
  • 35
  • 49
Chris
  • 1,269
  • 2
  • 17
  • 34

1 Answers1

4

Unless your final server really wants to know what the cloudflare IP address was, if nobody connects directly to haproxy, then just remove option forwardfor so it stops changing the X-Forwarded-For header.

If some connections do not go through cloudflare, you can use option forwardfor except cloudflareipaddress to only set X-Forwarded-For for direct connections.

DerfK
  • 19,313
  • 2
  • 35
  • 51