Client IP not showing in frame source


#1

Hi,
I have an HA Proxy instance setup on 2 virtual servers.
I have setup a Virtual IP as the frontend that recieves incoming requests on port 8080 and forwards them to 2 separate backend proxy servers on the same port.

the setup is working however when I try to access it, it shows me the IP address of the proxy server instead of the client machine IP, in the page source of the client machine.

I need to ensure that the client IP is displayed correctly in the page source of the client PC .

Any help will be appreciated.

Thanks in advance.


#2

Hi,

Can anyone help me out over here?

FWIW, I tried using the source 0.0.0.0 usersrc clientip parameter in a bid to resolve this issue.

I also tried using option forwardfor except 127.0.0.1 in the frontend section and option forwardfor header X-client parameter in the backend section of the file, but this does not work.

I can share the configuration if required.


#3

You also need to configure your backend server to consider the X-forward-for header.


#4

Thank you for your response.

Please forgive me as I am a newbie to HA proxy.

This is the configuration file for HA Proxy.

global
log /dev/log local0 info
log /dev/log local1 notice
maxconn 30000

defaults
mode http
log global
option dontlognull
timeout connect 10000
timeout client 45000
timeout server 240000
maxconn 50000
option forwardfor except 127.0.0.1

frontend web-proxy
bind 10.250.4.91:8080 transparent
mode http
http-request set-header X-Real-IP %[src]
option forwardfor
option httplog
timeout client 15s
default_backend proxyservers

backend proxyservers
mode http
balance roundrobin
http-request set-header X-Real-IP %[src]
option forwardfor
timeout server 30s
timeout connect 4s
server PROXY-1 10.250.4.11:8080 check fall 2 inter 10000 rise 2
server PROXY-2 10.250.4.78:8080 check fall 2 inter 10000 rise 2

listen status 10.250.4.88:8081
mode http
stats enable
stats uri /hastatus
stats auth admin:123456

In your post , you mentioned that I will need to configure my backend server to consider the X-forward for header.
Where do I need to insert this parameter?
Do I need to install HA proxy on these servers as well?


#5

No, you need to configure the webserver on your backend to consider the X-Forwarded-For header. How this can be achieved, if possible at all and what the configuration would look like depends on what the backend server software this actually is.


#6

Once again thank you for you prompt response.

The backend servers are essentially proxy servers which run Websense.

Your reply indicates that I will have to ask forcepoint to help me find out how to consider the X-Forwarded-for header in this case.


#7

Hi,

In your previous post, you had mentioned that I will need to configure the webserver on my backend to consider the X forwarded for header.

The backend servers over here run websense by forcepoint.

Can you let us know how to configure websense to consider the X Forwarded for header?

Alternatively, can you please let us redirect us to a link that shows us how this can be achieved?


#8

I don’t have that information. I suggest you contact the vendor.


#9

Sorry if this sounds like a stupid question.

By vendor, do you mean websense/forcepoint?


#10

Yes, thats what I mean.