Remote IP's with HAProxy

Solution 1:

Quoted from the HAProxy doc at haproxy.1wt.eu.

- if the application needs to log the original client's IP, use the
  "forwardfor" option which will add an "X-Forwarded-For" header with the
  original client's IP address. You must also use "httpclose" to ensure
  that you will rewrite every requests and not only the first one of each
  session:
        option httpclose
        option forwardfor

It is stated that the application must treat the X-Forwarded-For HTTP Header to know the client IP adress. Seems like the only way to go in your case.

Updated for HAProxy 1.4

Haproxy 1.4 introduced a new mode with "option http-server-close". It still closed the connection to the server but maintains keep-alive towards the client if possible and used. On most setups, you probably want to use that as it helps with latency on the single high-latency part of your connection (between Haproxy and the client).

   option http-server-close
   option forwardfor

Solution 2:

There is a way to recompile HAproxy to include Tproxy which will allow forwarding of the source address.

There's a blog post here about it: http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/

A few notes:

The latest linux kernel (2.6.28-11-server) includes support for TProxy, so recompiling the kernel is not necessary.

Make sure to configure the servers in your web farm with a default gateway address which points to the HAProxy server.


Solution 3:

Use rpaf apache module http://stderr.net/apache/rpaf/ I know this is and old post but it took me days to find this. This will present to any application the x-forwarded-for ip.

Tags:

Haproxy