Haproxy, IIS, Client IP


#1

Hello,

I’m new to this, so please be patient.

I, of course, have a problem, that I need help with, please.

I have a LB machine with the following setup:
OS: CentOS
Haproxy version: 1.5.14-3

Problem:
We have a website that uses IP based authentication currently bypassing HaProxy machine.
My problem is that when I put the website behind haproxy, I receive the proxy box IP instead of user.
Ok, so that’s understandable. I used ForwardFor and we added that to the website authentication module.

Now, if I am a client, not behind my own proxy, the system works great.
However, if I am behind a proxy, the application sees the incoming client IP as an internal IP (e.g. 10.X.Y.Z) from the client’s proxy.

How do I find the public IP of the client - their proxy?
Any help would be appreciated.
Thank you.

Thank you very much.


#2

Hi,

3 options:


#3

Thank you for your answer.

I have come to a conclusion in the meantime.
After browsing forum after forum, figured out that apparently a proxy adds a value to forwardfor variable. That way the .Net application we are hosting can collect the value in the form of server variable HTTP_X_FORWARDED_FOR. This value equals to “IP1, IP2, IP3…”. By splitting the value by comma and taking the last value, we got to the desired IP address.
Since I had no way to test that in my local setup I had to contact a client of ours to test the solution. And, surprisingly, it worked like a charm. now we can authenticate our clients by their IP addresses.

So your first suggestion is the one we are using.
Hope this also helps anyone else.

KR and thank you.