X-Forwarded-For in TCP Mode

mahesh.mahajan · September 7, 2018, 11:46am

I have compiled HA Proxy version 1.8.13 on RHEL 7.5. The defaults and frontend are configured in TCP mode.

The application instances which we have in the backend are serving TCP connections. For security reasons we have enabled access control basis of IP address and user name. To use this feature I would require HA Proxy to send IP address of client machine to the applications. Currently all requests are coming via HAPRoxy IP address.

Can some one please guide me in how to setup X-Forwarded-For in TCP mode. Below are the snippet of haproxy.cfg

defaults
mode tcp
log global
option tcplog
option dontlognull
option forwardfor
option redispatch
retries 3
timeout queue 5m
timeout connect 1000s
timeout client 5m
timeout server 5m
timeout check 1000s
maxconn 3000000

frontend localnodes
bind *:30000
mode tcp
default_backend nodes
timeout client 1m

backend nodes
balance leastconn
server ins01 127.0.0.1:5000
server ins02 127.0.0.1:6000
server ins03 127.0.0.1:7000
server ins04 127.0.0.1:8000
timeout connect 10s
timeout server 1m

lukastribus · September 7, 2018, 12:25pm

X-Forwarded-For is a HTTP header, it can’t be inserted into a TCP stream.

You can use the proxy protocol ( doc/proxy-protocol.txt), but you will have to implement it in your application.

mahesh.mahajan · September 8, 2018, 7:14am

@lukastribus Thank you very much for you kind support and explanation.

Topic		Replies	Views
Send X-Forwarded-For in TCP Mode Help!	1	4472	December 22, 2016
HAProxy to retain client IP Help!	3	12772	July 2, 2019
TCP Routing based on source IP and port Help!	2	2404	April 6, 2023
Chained HAProxy in tcp mode with proxy protocol enabled not working Help!	17	7092	May 25, 2019
X-Forwarded-For not working Help!	8	7819	April 1, 2019

X-Forwarded-For in TCP Mode

Related topics