reqadd srcIP for header

Hey guys,



I'm running latest stable of haproxy and want to basically insert a header
"X-Forward-For: {client ip}" into the header of a transaction, this is so
the web application being balanced knows the originating IP address.



Is this possible? I couldn't figure it out.



--Karl.



Karl Kloppenborg

Programming Ninja



Crucial Paradigm Pty Ltd

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 - Sales & Support (AU Only)

https://support.crucialp.com/ Click here for the Support Desk



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: <mailto:[email protected]> karl@crucial.com.au



Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud
solutions.

We are commited to keeping our planet green, please reduce, reuse and
recycle your office paper.

Description: crucial_2012

Karl,

Take a look at...
http://code.google.com/p/haproxy-docs/wiki/forwardfor

You can also use reqadd which I've done to add ports and protocols like so (thought I'm not sure how you'd get the client ip)…
reqadd X-Forwarded-Protocol:\ http
reqadd X-Forwarded-Port:\ 80


--
Chris LeBlanc
chris@blendedby.us


On Monday, June 4, 2012 at 1:57 AM, Karl Kloppenborg wrote:

>
> Hey guys,
>
>
>
>
>
> I’m running latest stable of haproxy and want to basically insert a header “X-Forward-For: {client ip}” into the header of a transaction, this is so the web application being balanced knows the originating IP address.
>
>
>
>
>
> Is this possible? I couldn’t figure it out.
>
>
>
>
>
> --Karl.
>
>
>
>
>
> Karl Kloppenborg
>
>
> Programming Ninja
>
>
>
>
>
> Crucial Paradigm Pty Ltd
>
>
> Suite 1 Level 3 104-106 Commonwealth St
>
>
> Surry Hills NSW 2010
>
>
> Australia
>
>
>
>
>
> 1300 884 839 – Sales & Support (AU Only)
>
>
> Click here for the Support Desk (https://support.crucialp.com/)
>
>
>
>
>
> d: 02 8202 9994
>
>
> f: 02 92818261
>
>
> m: 0416 236 908
>
>
> e: karl@crucial.com.au (mailto:[email protected])
>
>
>
>
>
> Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.
>
>
> We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.
>
>
>
>
>
>
>
>
>
>

Hey Chris,



Yep I’ve been doing that for a while to make my SSL termination with magento.



However does no one know how to get that src-ip into there?



Surely people have needed this?



--Karl.



Karl Kloppenborg

Programming Ninja



Crucial Paradigm Pty Ltd

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 – Sales & Support (AU Only)

https://support.crucialp.com/ Click here for the Support Desk



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: karl@crucial.com.au



Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.

We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.

Description: crucial_2012



From: Chris LeBlanc [mailto:[email protected]]
Sent: Monday, 4 June 2012 5:07 PM
To: Karl Kloppenborg
Cc: haproxy@formilux.org
Subject: Re: reqadd srcIP for header



Karl,



Take a look at...

http://code.google.com/p/haproxy-docs/wiki/forwardfor



You can also use reqadd which I've done to add ports and protocols like so (thought I'm not sure how you'd get the client ip)…

reqadd X-Forwarded-Protocol:\ http

reqadd X-Forwarded-Port:\ 80



--

Chris LeBlanc

chris@blendedby.us



On Monday, June 4, 2012 at 1:57 AM, Karl Kloppenborg wrote:

Hey guys,



I’m running latest stable of haproxy and want to basically insert a header “X-Forward-For: {client ip}” into the header of a transaction, this is so the web application being balanced knows the originating IP address.



Is this possible? I couldn’t figure it out.



--Karl.



Karl Kloppenborg

Programming Ninja



Crucial Paradigm Pty Ltd

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 – Sales & Support (AU Only)

https://support.crucialp.com/ Click here for the Support Desk



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: karl@crucial.com.au



Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.

We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.

Description: crucial_2012

Hey Carl,

Is your device sending a http request header. Maybe you can snag the
referrer.

--
Chris LeBlanc
If you see this rotate your iPhone 90°

On Jun 4, 2012, at 7:38 PM, Karl Kloppenborg <[email protected]> wrote:

Hey Chris,



Yep I’ve been doing that for a while to make my SSL termination with
magento.



However does no one know how to get that src-ip into there?



Surely people have needed this?



--Karl.



*Karl Kloppenborg*

Programming Ninja



*Crucial Paradigm Pty Ltd*

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 – Sales & Support (AU Only)

*Click here for the Support Desk https://support.crucialp.com/ *



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: karl@crucial.com.au

* *

Crucial Paradigm is a leading Web Hosting provider that specialises in
Cloud solutions.

We are commited to keeping our planet green, please reduce, reuse and
recycle your office paper.

<image002.jpg>



*From:* Chris LeBlanc [mailto:[email protected]]
*Sent:* Monday, 4 June 2012 5:07 PM
*To:* Karl Kloppenborg
*Cc:* haproxy@formilux.org
*Subject:* Re: reqadd srcIP for header



Karl,



Take a look at...

http://code.google.com/p/haproxy-docs/wiki/forwardfor



You can also use reqadd which I've done to add ports and protocols like so
(thought I'm not sure how you'd get the client ip)…

reqadd X-Forwarded-Protocol:\ http

reqadd X-Forwarded-Port:\ 80



--

Chris LeBlanc

chris@blendedby.us



On Monday, June 4, 2012 at 1:57 AM, Karl Kloppenborg wrote:

Hey guys,



I’m running latest stable of haproxy and want to basically insert a header
“X-Forward-For: {client ip}” into the header of a transaction, this is so
the web application being balanced knows the originating IP address.



Is this possible? I couldn’t figure it out.



--Karl.



*Karl Kloppenborg*

Programming Ninja



*Crucial Paradigm Pty Ltd*

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 – Sales & Support (AU Only)

*Click here for the Support Desk https://support.crucialp.com/ *



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: karl@crucial.com.au

* *

Crucial Paradigm is a leading Web Hosting provider that specialises in
Cloud solutions.

We are commited to keeping our planet green, please reduce, reuse and
recycle your office paper.

<image003.jpg>

Hey,

Using stunnel and haproxy, both with the proxy protocol may help when
you want to add the X-SRC-IP header for a SSL connection.

cheers

well, not adding a header, but getting connected on the server using
the client IP (using a TPROXY patched kernel).

cheers

On Tue, Jun 5, 2012 at 9:00 AM, Baptiste <[email protected]> wrote:
> Hey,
>
> Using stunnel and haproxy, both with the proxy protocol may help when
> you want to add the X-SRC-IP header for a SSL connection.
>
> cheers

Oh hey guys,

I do the same thing and use the stunnel proxy protocol. You just add protocol = proxy to stunnel and use bind :81 accept-proxy for haproxy and it seems to take care of the rest. I do have to add some extra headers using addreq to identify port and protocol but that's just hardcoded in the https frontend (and http frontend for consistency).

Hope that helps. I know newer versions of haproxy and stunnel are required so double check that.

--
Chris LeBlanc


On Tuesday, June 5, 2012 at 2:01 AM, Baptiste wrote:

> well, not adding a header, but getting connected on the server using
> the client IP (using a TPROXY patched kernel).
>
> cheers
>
> On Tue, Jun 5, 2012 at 9:00 AM, Baptiste <[email protected] (mailto:[email protected])> wrote:
> > Hey,
> >
> > Using stunnel and haproxy, both with the proxy protocol may help when
> > you want to add the X-SRC-IP header for a SSL connection.
> >
> > cheers

Hey guys,



Thank you for all your input, I ended up going with the xforwardedfor.



--Karl.



Karl Kloppenborg

Programming Ninja



Crucial Paradigm Pty Ltd

Suite 1 Level 3 104-106 Commonwealth St

Surry Hills NSW 2010

Australia



1300 884 839 – Sales & Support (AU Only)

https://support.crucialp.com/ Click here for the Support Desk



d: 02 8202 9994

f: 02 92818261

m: 0416 236 908

e: karl@crucial.com.au



Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.

We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.

Description: crucial_2012



From: Chris LeBlanc [mailto:[email protected]]
Sent: Tuesday, 5 June 2012 5:07 PM
To: Baptiste
Cc: Karl Kloppenborg; haproxy@formilux.org
Subject: Re: reqadd srcIP for header



Oh hey guys,



I do the same thing and use the stunnel proxy protocol. You just add protocol = proxy to stunnel and use bind :81 accept-proxy for haproxy and it seems to take care of the rest. I do have to add some extra headers using addreq to identify port and protocol but that's just hardcoded in the https frontend (and http frontend for consistency).



Hope that helps. I know newer versions of haproxy and stunnel are required so double check that.



--

Chris LeBlanc



On Tuesday, June 5, 2012 at 2:01 AM, Baptiste wrote:

well, not adding a header, but getting connected on the server using

the client IP (using a TPROXY patched kernel).



cheers



On Tue, Jun 5, 2012 at 9:00 AM, Baptiste <[email protected]> wrote:

Hey,



Using stunnel and haproxy, both with the proxy protocol may help when

you want to add the X-SRC-IP header for a SSL connection.



cheers