Our customer have HAproxy instalation with tcp mode configuration, balancing load between two IIS servers.
That works fine, but it shows NLB’s IP as client’s, which is a problem.
Switching to http mode and enabling x-forwarded-for works, but…
Web app needs clients to authenticate, and there are two methods - username and password, or client certificate card.
User/pass auth works fine and users get the service, but when using authentication with client certificate, users get rejected (probably due to package decryption, adding x-forward field and then re-encryption with haproxy’s cert).
Is there a way to make client IP address visible in IIS logs while using tcp mode, or any other solution for client IP visibility and personal certificate authentication on haproxy?