Change Proxy-Protocol Client IP


To give the context, I have an HAProxy instance behind multiple Cloudflare domains (with ACLs etc…)

I want the final servers to have the Real Client IP

Without anything the final server get HAProxy IP
With Proxy Protocol the final server get Cloudflare IP

However, Cloudflare pass a “CF-Connecting-IP” header with the real client IP
I want to configure HAProxy to set the Proxy-Protocol client IP to the value of this Header and I didn’t found any configuration about this

Thanks in advance,

If you are using 2.4 or older, use the workaround described here:

If using 2.5 or newer, you just need:

# allow cloudflare src ranges ( +
acl is_cloudflare src -f /etc/cloudflare/ips-v4
acl is_cloudflare src -f /etc/cloudflare/ips-v6
http-request set-src hdr(cf-connecting-ip) if is_cloudflare
1 Like

I update HAProxy to 2.6.6 because I don’t want to workaround bugs and I try that

1 Like

Works fine, thank you