Reverse Proxy Settings with pfSense

Hi there,

Just started using HAProxy, and am trying to learn. Sorry if this is obvious to others, but I’m banging my head against a wall here.

I want HAProxy as a reverse proxy on an internal website.
HAProxy should run on 10.1.1.1, and proxy connections from 10.1.2.2 through to 10.1.3.3.
Simple enough, and seems to be working okay with a simple HTML webpage I have on the server at 10.1.3.3.

The thing is, I am embedding an iframe on the site at 10.1.3.3 that I would like to display content from 10.1.33.33. The reason for this is that the content will change dynamically.

On the host at 10.1.33.33 we see multiple attempts to connect from 10.1.2.2 instead of 10.1.1.1. Of course these connections are blocked.

Can someone point me in the right direction, please?

I have tried rewriting http request headers, but this didn’t seem to work.

In an effort to be clearer, I want the proxy operating on 10.1.1.1, and all the connection requests to go from 10.1.1.1 to other servers.

Thanks in advance.

Haproxy will not do this for you.

You need to point to the correct endpoint, either by fixing the IP addresses in the HTML code, or by pointing to a name instead and use DNS.

Thanks for the reply.

We’re using DNS internally to resolve all these names, this is just a placeholder question to make sure that the concept is sound. If you have a moment, would the fact that we’re using DNS to get this done change the ability for HAProxy to do this? I tried playing with “source:” in the advanced back-end options, and briefly messed with X-Forwarded-For headers, but any connection on a protocol other than HTTP was attempted with the real source IP instead of the one I wanted.

I ended up proxying with HAProxy to get past the firewall, and then proxying again with apache to display the content - which successfully allowed me to force both the IP and the protocol for display.

I may have some misunderstanding in the implementation of this (probably do, I’m no expert), but I wasn’t able to find a way to get HAProxy to keep its own IP address for internal connections. I spoke to an expert on corporate-level reverse proxies, and he mentioned that the way it is typically done is to secure the application correctly in the first place so that this kind of proxy is not needed.

For anyone Googling in 2023, hopefully something in here will help.