X-Forwarded-For in TCP Mode


#1

I have compiled HA Proxy version 1.8.13 on RHEL 7.5. The defaults and frontend are configured in TCP mode.

The application instances which we have in the backend are serving TCP connections. For security reasons we have enabled access control basis of IP address and user name. To use this feature I would require HA Proxy to send IP address of client machine to the applications. Currently all requests are coming via HAPRoxy IP address.

Can some one please guide me in how to setup X-Forwarded-For in TCP mode. Below are the snippet of haproxy.cfg

defaults
mode tcp
log global
option tcplog
option dontlognull
option forwardfor
option redispatch
retries 3
timeout queue 5m
timeout connect 1000s
timeout client 5m
timeout server 5m
timeout check 1000s
maxconn 3000000

frontend localnodes
bind *:30000
mode tcp
default_backend nodes
timeout client 1m

backend nodes
balance leastconn
server ins01 127.0.0.1:5000
server ins02 127.0.0.1:6000
server ins03 127.0.0.1:7000
server ins04 127.0.0.1:8000
timeout connect 10s
timeout server 1m


#2

X-Forwarded-For is a HTTP header, it can’t be inserted into a TCP stream.

You can use the proxy protocol ( doc/proxy-protocol.txt), but you will have to implement it in your application.


#3

@lukastribus Thank you very much for you kind support and explanation.