X-Forwarded-For not passing when same URI requested rapidly?


#1

I’ve found that, for whatever reason, when I am requesting the same URI (proxied by haproxy to the back-end Apache server, of course) in rapid succession - perhaps once every 2 seconds or so - X-Forwarded-For is not being sent to the Apache server. I have a separate log file for proxied requests as determined by the presence of X-Forwarded-For and not, as well as a PHP script that was echoing the value of the headers, and the IP of my client just isn’t there. However, if I wait 10 seconds or so and then request that same URI, the X-Forwarded-For is passed as usual.

Is there a reason for this? What’s going on behind the scenes here? It seems unusual. Can anyone shed some light on this? The configuration is very simple; see below.

global
    user haproxyu
    group haproxyu
    maxconn 4096
    daemon

defaults
    mode http
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    retries 3
    option persist
    maxconn 4096

frontend zzzx
    bind 5.6.7.8:80
    mode http
    default_backend xxxy

backend xxxy
    mode http
    option forwardfor
    server srbe1 1.2.3.4:80


#2

You are using haproxy 1.4 in tunnel mode, which means that after the first request/response a keepalived connection basically becomes a TCP tunnel.

To fix this, put “option http-server-close” in your default section.
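
The behaviour described in the answer above, as a simplified model added here for illustration (it is not code from the thread or from HAProxy): in tunnel mode only the first request on a keep-alive connection is parsed and given X-Forwarded-For, while with http-server-close every request is. The client IP, host name, request bytes and all function names are constructed for the example, and requests are assumed to have no body.

```python
# Simplified model (an assumption-based sketch, not HAProxy's implementation)
# of header insertion on one client keep-alive connection.

CLIENT_IP = "203.0.113.7"  # constructed documentation address

# Constructed sample: two requests sent back-to-back on the same connection.
STREAM = (
    b"GET /echo.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"GET /echo.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

def split_requests(stream):
    """Split a stream of body-less HTTP/1.1 requests into header blocks."""
    return [r + b"\r\n\r\n" for r in stream.split(b"\r\n\r\n") if r]

def add_xff(request, client_ip):
    """Append an X-Forwarded-For header before the blank line ending the headers."""
    head = request[:-4]  # drop the terminating CRLF CRLF
    return head + b"\r\nX-Forwarded-For: " + client_ip.encode() + b"\r\n\r\n"

def proxy(stream, client_ip, mode):
    """Return the requests as the backend receives them.

    mode="tunnel": only the first request is parsed; later bytes pass through raw.
    mode="http-server-close": every request is parsed and gets the header.
    """
    forwarded = []
    for index, request in enumerate(split_requests(stream)):
        if mode == "http-server-close" or index == 0:
            forwarded.append(add_xff(request, client_ip))
        else:
            forwarded.append(request)  # untouched, as in a TCP tunnel
    return forwarded

def has_xff(request):
    """True if the request carries an X-Forwarded-For header."""
    headers = request.split(b"\r\n")[1:]  # skip the request line
    return any(h.lower().startswith(b"x-forwarded-for:") for h in headers)

def backend_view(stream, client_ip, mode):
    """Per-request flag: did the backend see X-Forwarded-For?"""
    return [has_xff(r) for r in proxy(stream, client_ip, mode)]

if __name__ == "__main__":
    for mode in ("tunnel", "http-server-close"):
        print(mode, backend_view(STREAM, CLIENT_IP, mode))
```

A backend that logs or applies access rules based on X-Forwarded-For sees the second request without the header in the tunnel case, which matches the split log files described in the question.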