Client IP preservation
Add an X-Forwarded-For header
When the load balancer proxies a TCP connection, it overwrites the client’s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client’s address in the HTTP header X-Forwarded-For
. The backend server can then be configured to read the value from that header to retrieve the client’s IP address.
To configure the load balancer to add an X-Forwarded-For
header to an incoming request:
-
Set the
option forwardfor
directive in adefaults
frontend
,listen
, orbackend
section:haproxybackend webserversbalance roundrobinoption forwardforserver s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 checkhaproxybackend webserversbalance roundrobinoption forwardforserver s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 check -
Optional: Disable the header for an IP address or IP range by adding the
except
argument:haproxybackend webserversbalance roundrobinoption forwardfor except 192.168.56.10server s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 checkhaproxybackend webserversbalance roundrobinoption forwardfor except 192.168.56.10server s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 check -
Optional: Add the
if-none
argument to add the header only when it is not already present:haproxybackend webserversbalance roundrobinoption forwardfor if-noneserver s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 checkhaproxybackend webserversbalance roundrobinoption forwardfor if-noneserver s1 192.168.56.20:3000 checkserver s2 192.168.56.21:3000 check
Do you have any suggestions on how we can improve the content of this page?