Bind user to one outgoing IP for X minutes


#1

Hello, so I am running a 3proxy server and want to balance all the incoming traffic through haproxy.
Basically the configuration below does the job perfectly.
The only issue I’ve got is that every request every person sends gets balanced by round robin through a different outgoing IP.

That’s what it’s supposed to do, you dum dum!

The question is, how to make the user stay on the same outgoing IP for X minutes, or just forever?
Note - I need to access HTTPS pages

P.S. I am referring to squid port 4100/4102 as outgoing IPs.

Thank you!!! :sweat_smile:

    global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

    defaults
        log     global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

    frontend squid
        bind *:8000
        default_backend squid_pool

    backend squid_pool
        balance roundrobin
    #   balance first
        mode tcp
    #   appsession fblo_ len 100 timeout 1h request-learn prefix
        server squid1 xxx.xxx.xxx.xxx:4100 check
        server squid2 xxx.xxx.xxx.xxx:4101 check

#2

Use balance source instead of roundrobin. Alternatively you can configure sticky IP addresses.

Read more about it here:


#3

Thank you very much for taking the time to answer. In addition to that, is it possible to do persistence by incoming port?
Also, how could I make sure that the same user (source IP) would never end up on the same outgoing IP (backend, I suppose)?


#4

That doesn’t make any sense. Either the connection is already established, so the traffic is hitting the same backend server because it is not subject to another hash (as the load-balancing decision/hash was already completed earlier), or the client comes from a different port altogether meaning it would hit a different backend server anyway.

I don’t see how that’s possible with the current haproxy featureset.


#5

Thank you for your detailed answer, but I really need one ‘user’ to not end up on the same backend. From what I have read in the documentation, it looks like it should be possible by combining userlists and stick-tables?

So if a user authenticates with username bob, he would be redirected only to backend 1?

Or that’s just a stupid idea? ))
Thank you for the patience! )


#6

That use-case certainly never did come up, and I don’t understand what you are trying to achieve.
Do you have thousands of outgoing IP addresses/backend servers?

I don’t know if there is a way to achieve this. It is possible there is a way, maybe with the help of LUA scripting, however you’d have to invest some time to research this.


#7

Basically, I want to sell some proxies, which are hosted on a 3proxy server, so I would like to run haproxy as a frontend filter and a balancer, so when a user comes to haproxy’s port he would get assigned one backend (outgoing proxy). Hope it makes sense, maybe it’s more clear this way.


#8

Then I would guess you want users to stick to the same IP/backend servers, which is easily possible with the features available in haproxy.

Otherwise like I said, you’d have to dig deep into the documentation and LUA scripting.


#9

Thank you for the answer. The only promising thing I found in haproxy’s documentation is src_port for layer 4.
And I’m sorry if I am misunderstanding how TCP ports really work, but if I would listen on

    *:1111
    *:2222
    *:3333

Would these ports be the ‘source ports’ and thus maybe even possible to bind on? ))
Again, sorry if I’m misinterpreting things, but I have to do this on my own because haproxy developers for hire are impossible to find.


#10

Yep, the above post (kind of) solved it. Just had to use dst_port instead of src_port (a bit confusing):

    stick-table type integer size 1k expire 3h
    stick on dst_port

worked like a charm.

Thank you for your patience @lukastribus
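
The two kinds of stickiness discussed in this thread, put together as one configuration. This is an added example, not part of the original posts: the frontend/backend names `squid_ports`, `squid_by_src` and `squid_by_port`, the `30m` expiry and the `200k` table size are assumptions chosen for illustration; the listening ports come from post #9 and the `dst_port` table from post #10.

```haproxy
# Variant A: pin each client IP to one backend for 30 minutes
# ("sticky IP addresses" from post #2, with a constructed expiry).
frontend squid
    mode tcp
    bind *:8000
    default_backend squid_by_src

backend squid_by_src
    mode tcp
    balance roundrobin
    # Key = client source address; an entry is dropped 30m after it was
    # last created, refreshed or matched.
    stick-table type ip size 200k expire 30m
    stick on src
    server squid1 xxx.xxx.xxx.xxx:4100 check
    server squid2 xxx.xxx.xxx.xxx:4101 check

# Variant B: pin each listening port to one backend (post #10).
frontend squid_ports
    mode tcp
    bind *:1111
    bind *:2222
    bind *:3333
    default_backend squid_by_port

backend squid_by_port
    mode tcp
    balance roundrobin
    # Key = dst_port, the port on HAProxy that the client connected to
    # (src_port would be the client's ephemeral port, which changes per
    # connection and is useless as a persistence key).
    stick-table type integer size 1k expire 3h
    stick on dst_port
    server squid1 xxx.xxx.xxx.xxx:4100 check
    server squid2 xxx.xxx.xxx.xxx:4101 check
```

Because the key in variant B is the listening port, every client that connects to the same port shares that port's backend. `show table squid_by_port` on the admin socket from the `global` section lists the current port-to-server entries.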