Forward Client IP


I have an HAProxy as a load balancer with 2 JBoss servers as backends. I am trying to forward the client IP to the JBoss servers; however, in the JBoss logs I see the HAProxy IP. Below is my config:

chroot /var/lib/haproxy
group haproxy
log local0
maxconn 4000
pidfile /var/run/
ssl-default-bind-options no-sslv3 no-tls-tickets
stats socket /var/lib/haproxy/stats
user haproxy
log global
maxconn 8000
option httplog
option redispatch
option log-separate-errors
retries 3
stats enable
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s

frontend app_preprod
bind ssl crt /etc/haproxy/ssl/certs/cert.pem
mode http
acl url_app_partner path_beg /app-1.0.0
use_backend app_insurance_preprod if url_app_partner
redirect scheme https if !{ ssl_fc }
option forwardfor
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
capture request header Host len 40
capture request header X-Forwarded-For len 50
capture request header Accept-Language len 50
capture request header Referer len 200
capture request header User-Agent len 200

backend app_insurance_preprod
balance roundrobin
mode http
option forwardfor
server check
server check

Always provide the haproxy release (output of haproxy -vv).

Nothing wrong with the haproxy configuration. I assume your jboss backend ignores the X-Forwarded-For header and suggest double-checking on that end.

Cool, will check the backend.

BTW, here is the version:

HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

This haproxy release should work just fine regarding x-forwarded-for.

My backend looks at the client IP, not X-Forwarded-For. Is it possible to forward the client IP?

Use mod_remoteip on Tomcat:
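Added example, not part of the thread and not code from HAProxy, JBoss or Tomcat: a sketch of how a backend can derive the client address from the X-Forwarded-For header that `option forwardfor` adds, believing the header only when the connection comes from the load balancer. The function name, the trusted-proxy list and all addresses are constructed for illustration; it assumes HAProxy appends its entry after any X-Forwarded-For the client sent.

```python
import ipaddress

# Constructed address (documentation range): the HAProxy host as the backend sees it.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Return the address the backend should log as the client.

    peer_addr  -- source address of the TCP connection (HAProxy, when proxied)
    xff_values -- every X-Forwarded-For header value on the request, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not our proxy gets no say: ignore whatever header it sent.
    if not _is_trusted(peer):
        return str(peer)
    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    current = peer
    # Walk right to left: the rightmost entry was appended by our proxy.
    # Entries further left were supplied by the client and are believed only
    # while the hop that reported them is itself a trusted proxy.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = addr
        if not _is_trusted(addr):
            break
    return str(current)


if __name__ == "__main__":
    # Client-supplied header (10.0.0.1) followed by the entry HAProxy appended.
    print(client_ip("192.0.2.10", ["10.0.0.1", "198.51.100.23"]))
```

Taking the leftmost entry, or honouring the header on connections that did not come through the proxy, would let a client choose the address that ends up in the backend logs.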