In this blog post, you’ll learn how the Proxy Protocol preserves a client’s IP address when that client’s connection passes through a proxy. You will also find resources for how to integrate the protocol into your own proxy or web server software.
What is the Proxy Protocol? It is a network protocol — developed and open sourced by HAProxy Technologies — for preserving a client’s IP address when the client’s TCP connection passes through a proxy. Without such a mechanism, proxies lose this information because they act as a surrogate for the client, relaying messages to the server but replacing the client’s IP address with their own. This distorts the logs of upstream servers because the logs incorrectly indicate that all traffic originated at the proxy.
Some higher-level protocols, such as HTTP, have a solution for this. With HTTP, a proxy can add a Forwarded HTTP header, or the non-standard X-Forwarded-For header, to store the client’s original IP address so that the server can retrieve it, but other protocols lack a similar fix. The Proxy Protocol, which operates beneath the TCP layer, fills this gap, expanding coverage to any upper layer protocol — SMTP, IMAP, FTP, the Minecraft protocol, proprietary database protocols, etc. — that transmits messages over TCP/IP. The caveat is that both the proxy and the server on the receiving end must support it.
The Proxy Protocol works by adding a header that contains the client’s IP address at the beginning of a TCP connection. By preserving the client's IP address, destination IP address, network port information, and even virtual private cloud (VPC) subnet IDs, HAProxy helps users understand how traffic is flowing and identify configuration errors. For example, you can chain NAT or TCP proxy layers together while preserving your original IP — and much more, such as securing your database.
Proxy Protocol Support
The following software, services, and devices are known to support the Proxy Protocol:
Developer Resources
If you’re a developer looking for information on how to implement the Proxy Protocol, check the link below:
Conclusion
The Proxy Protocol preserves a client’s IP address when it passes through a proxy, which maintains the correct information in server logs. Be sure to choose proxy and server solutions that support it since it must be enabled on both the sender and receiver.
Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.
