0

I have two backend servers, I have to monitor Client IP, by default HAProxy sends server IP not client IP. I have found a similar solution over here but it does not work for my case. My simple configuration file is following

Here is my haproxy.cnf

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
frontend  main *:9090
    acl url_static       path_beg       -i /static /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css 

#Rule for plays request
   acl p2_url path_beg     -i /plays
   use_backend back2          if p2_url

    acl valid_path  path_beg -i /solr/select
    use_backend back1       if valid_path

   use_backend static          if url_static
   default_backend             static

backend static
    balance     roundrobin
    server      static 127.0.0.1:80 check


backend back1
    balance     roundrobin
    server  app40 127.0.0.1:8900 check
backend back2
    balance     roundrobin
    server  app31 10.11.21.31:80 check

I want to send client IP when ever back2 is used ( atleast ). How I can update haproxy configuration. I am using Centos 7 with HAProxy 1.5.14

Community
  • 1
Hafiz Muhammad Shafiq
  • 211
  • 3
  • 7
  • *"by default HAProxy sends server IP not client IP."* By default, no... it doesn't. HAProxy *connects with* its own IP to the back-end, but you should find that `option forwardfor` -- which you already have -- places the client IP in the `X-Forwarded-For:` header, which the back-end server can read. If this isn't what you are looking for, we need to understand specifically what you mean by "send client IP." – Michael - sqlbot Oct 27 '16 at 10:49
  • If it is true that it is sending origional IP to backend server then how to detect it from that backend server? httpd log still showing haproxy IP not origional IP – Hafiz Muhammad Shafiq Oct 28 '16 at 04:44
  • The httpd log is correct not showing you what HAProxy (or anyone else) "sends" -- it's showing who's actually connecting. You will need to reconfigure the web server's logs and/or your app to use XFF. Is this "httpd" Apache web server? – Michael - sqlbot Oct 28 '16 at 10:41

1 Answers1

1

I see the confusion now, you actually want to know how the backend server can read the x-forwarded-for header from the logs?

Try these instructions for Windows IIS XFF or Apache XFF.

Malcolm turnbull
  • 747
  • 5
  • 6
  • 1
    I think you have the right idea but it would be better to have the actual solution in the answer rather than a link to the solution off-site. We also may already have this question and an accompanying answer here, and we should check for that once we have confirmation of the web server software in use. – Michael - sqlbot Oct 28 '16 at 10:44