Haproxy, IIS, Client IP

Hello,

I’m new to this, so please be patient.

I, of course, have a problem, that I need help with, please.

I have a LB machine with the following setup:
OS: CentOS
Haproxy version: 1.5.14-3

Problem:
We have a website that uses IP based authentication currently bypassing HaProxy machine.
My problem is that when I put the website behind haproxy, I receive the proxy box IP instead of user.
Ok, so that’s understandable. I used ForwardFor and we added that to the website authentication module.

Now, if I am a client, not behind my own proxy, the system works great.
However, if I am behind a proxy, the application sees the incoming client IP as an internal IP (e.g. 10.X.Y.Z) from the client’s proxy.

How do I find the public IP of the client - their proxy?
Any help would be appreciated.
Thank you.

Thank you very much.

Hi,

3 options:

• X-Forwarded-For header set by HAProxy and used by your application when performing authentication
• Proxy-Protocol, but IIS is unfortunately not compatible (http://blog.haproxy.com/haproxy/proxy-protocol/)
• transparent proxy mode: http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/

Thank you for your answer.

I have come to a conclusion in the meantime.
After browsing forum after forum, figured out that apparently a proxy adds a value to forwardfor variable. That way the .Net application we are hosting can collect the value in the form of server variable HTTP_X_FORWARDED_FOR. This value equals to “IP1, IP2, IP3…”. By splitting the value by comma and taking the last value, we got to the desired IP address.
Since I had no way to test that in my local setup I had to contact a client of ours to test the solution. And, surprisingly, it worked like a charm. now we can authenticate our clients by their IP addresses.

So your first suggestion is the one we are using.
Hope this also helps anyone else.

KR and thank you.