Get source IP from incoming TCP packet

So I currently have this frontend for incoming HTTPS traffic, which inspects the SNI and decides if it needs to perform decryption or not.

listen haproxy-tcp-in
          mode tcp
          # wait for the TLS ClientHello so the SNI can be inspected
          tcp-request inspect-delay 10s
          tcp-request content accept if { req.ssl_hello_type 1 }
          tcp-request content do-resolve(sess.myip,dns,ipv4) req.ssl_sni
          acl passsites req.ssl_sni -
          use_backend passthrough if passsites
          use-server tointercept if !passsites
          server tointercept

server tointercept sends it to another frontend in http mode so I can use http-request stuff and do the SSL termination on the bind line. But, when not terminating, I cannot do the http stuff. But I still want to have the original source IP where the request to HAProxy came from, so basically the forwardfor option that is only available for HTTP.

How can I get the source IP from a tcp req and add it to the request to Because the frontend forwardfor then shows as X-Forward-for.

Or perhaps there is a better way to achieve this.


You should look at:

send-proxy on the server line on your “haproxy-tcp-in” listen.
accept-proxy on the target frontend.

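The pairing suggested in the answer above, written out as an added example that is not part of the original thread. The bind addresses, port 8443, the certificate path, the SNI value and the backend server addresses are all assumptions made for illustration.

```haproxy
# Added example, not the poster's configuration. Every address, port,
# hostname and file path below is a constructed placeholder.

listen haproxy-tcp-in
    bind :443                                   # assumed public listener
    mode tcp
    tcp-request inspect-delay 10s
    tcp-request content accept if { req.ssl_hello_type 1 }
    acl passsites req.ssl_sni -i passthrough.example.com   # placeholder SNI
    use_backend passthrough if passsites
    use-server tointercept if !passsites
    # send-proxy prepends a PROXY protocol header carrying the client's
    # original source address and port before any TLS bytes are relayed.
    server tointercept 127.0.0.1:8443 send-proxy

frontend https-intercept
    # accept-proxy consumes that header, so "src" in this frontend is the
    # real client address instead of 127.0.0.1. Keep this listener on
    # loopback: anything able to connect to an accept-proxy bind can claim
    # an arbitrary source address in the header it sends.
    bind 127.0.0.1:8443 accept-proxy ssl crt /etc/haproxy/certs/example.pem
    mode http
    # forwardfor now writes the original client IP into X-Forwarded-For.
    option forwardfor
    default_backend app

backend app
    mode http
    server app1 192.0.2.20:8080                 # placeholder application server

backend passthrough
    mode tcp
    # TLS is not terminated on this path, so no HTTP header can be added.
    # send-proxy only helps here if the destination itself accepts the
    # PROXY protocol (assumption); otherwise leave it off.
    server origin 192.0.2.10:443 send-proxy
```

`haproxy -c -f <file>` validates the syntax before a reload. A server given `send-proxy` whose peer does not expect the PROXY header will see the header bytes as a malformed TLS handshake and drop the connection.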

That did the trick. Thank you!