We have mobile clients behind loadbalancer that all use the same IP address. The real IP address of the client is defined in client’s X-Forwarder-For header. We want to capture X-Forwarder-For header and apply rate limiting for unique IP address and API path (POST method). Are there any examples of this?
Hi,
I think the src IP is not set correctly in your Haproxy.
Try this line in your Haproxy and then check your Ha logs to make sure that src IP is unique per client.
http-request set-src hdr(x-forwarded-for)
In case of unique IPs, you can define a stick-table to limit rates per IP.