X-Forwarded-For in TCP Mode

mahesh.mahajan · September 7, 2018, 11:46am

I have compiled HA Proxy version 1.8.13 on RHEL 7.5. The defaults and frontend are configured in TCP mode.

The application instances which we have in the backend are serving TCP connections. For security reasons we have enabled access control basis of IP address and user name. To use this feature I would require HA Proxy to send IP address of client machine to the applications. Currently all requests are coming via HAPRoxy IP address.

Can some one please guide me in how to setup X-Forwarded-For in TCP mode. Below are the snippet of haproxy.cfg

defaults
mode tcp
log global
option tcplog
option dontlognull
option forwardfor
option redispatch
retries 3
timeout queue 5m
timeout connect 1000s
timeout client 5m
timeout server 5m
timeout check 1000s
maxconn 3000000

frontend localnodes
bind *:30000
mode tcp
default_backend nodes
timeout client 1m

backend nodes
balance leastconn
server ins01 127.0.0.1:5000
server ins02 127.0.0.1:6000
server ins03 127.0.0.1:7000
server ins04 127.0.0.1:8000
timeout connect 10s
timeout server 1m

lukastribus · September 7, 2018, 12:25pm

X-Forwarded-For is a HTTP header, it can’t be inserted into a TCP stream.

You can use the proxy protocol ( doc/proxy-protocol.txt), but you will have to implement it in your application.

mahesh.mahajan · September 8, 2018, 7:14am

@lukastribus Thank you very much for you kind support and explanation.

Topic		Replies	Views
Send X-Forwarded-For in TCP Mode Help!	1	4597	December 22, 2016
HAProxy to retain client IP Help!	3	13146	July 2, 2019
Haproxy - httpd real ip Help!	3	6547	July 11, 2017
X-Forward-for isn't appearing Help!	1	786	February 16, 2017
Can not forward client ip from load balancer Help!	2	8054	August 23, 2016

X-Forwarded-For in TCP Mode

Related topics