Hi, I would like HAProxy to append to the X-Forwarded-For header. As HAProxy preferers to add duplicate headers instead of appending the existing list this does not seem to be so straight forward. I found a configuration line form HAProxy issue tracker on github that should append the value to the comma-delimited X-Forwarded-For downstream header but I don’t get the expected results.
My downstream X-Forwarded-For contains 3 IP addresses already: presumed client ip, edge reverse proxy ip, ingress controller ip. I also want HAProxy do add the auth gateway ip which is between ingress controller and HAProxy. Upstream servers are different application and web servers. ingress controller ip is the last entry of %[hdr(x-forwarded-for)] and auth gateway ip is in %[src]
The line (from HAProxy issute tracker on github) is
http-request replace-value x-forwarded-for ^ "%[hdr(x-forwarded-for)], %[src]"
The result I get is: “X-Forwarded-For: ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip” -basically it just replaces all three unique IP addresses with the two values from replace-fmt. What is even more confusing is that %[hdr(x-forwarded-for)] onl contains the most right i.e latest IP and others are discarded. Looks like improper parsing of comma-delimited lists.
I am using HAProxy version 2.3.5