Created August 10, 2016 10:06
Haproxy - Capture client IP when behind CloudFlare or not. Also keep x-forwarded-for in logs
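frontend www-http
    bind :80
    bind *:443 ssl crt /etc/haproxy/certs no-sslv3
    # Log the incoming X-Forwarded-For value (first 50 characters)
    capture request header X-Forwarded-For len 50
    # is_cf is true whenever the request carries a CF-Connecting-IP header
    acl is_cf req.hdr(cf-connecting-ip) -m found
    # No Cloudflare header: use the address of the connecting peer
    http-request set-header X-Client-IP %[src] if !is_cf
    # Cloudflare header present: use the address it reports
    http-request set-header X-Client-IP %[hdr(cf-connecting-ip)] if is_cf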
A better option is this, to prevent users being able to manually add a cf-connecting-header
acl is_cf src -f /etc/haproxy/cf-ips-v4
Making sure to save the file used above first:
wget -O /etc/haproxy/cf-ips-v4 https://www.cloudflare.com/ips-v4
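
The gist's frontend combined with the source-address ACL from the comment above, as an added example (not the gist author's or the commenter's configuration). The ACL names `from_cf` and `has_cf_hdr` are chosen here for illustration; the header is trusted only when both match, and it is stripped from requests that did not arrive from a listed Cloudflare address.

```haproxy
frontend www-http
    bind :80
    bind *:443 ssl crt /etc/haproxy/certs no-sslv3
    capture request header X-Forwarded-For len 50

    # True only when the TCP peer is in the saved Cloudflare ranges.
    acl from_cf src -f /etc/haproxy/cf-ips-v4
    # True when the request carries the header at all (client-controllable).
    acl has_cf_hdr req.hdr(cf-connecting-ip) -m found

    # Direct clients must not be able to pass CF-Connecting-IP to the backend.
    http-request del-header CF-Connecting-IP unless from_cf

    # Default: the TCP peer address. set-header also overwrites any
    # X-Client-IP value the client sent itself.
    http-request set-header X-Client-IP %[src]
    # Override only for requests that came through a Cloudflare address.
    http-request set-header X-Client-IP %[req.hdr(cf-connecting-ip)] if from_cf has_cf_hdr
```

HAProxy reads `/etc/haproxy/cf-ips-v4` at start or reload, so refresh the list and reload together. An empty or stale file makes `from_cf` miss real Cloudflare traffic, and `X-Client-IP` then carries the Cloudflare edge address instead of the visitor's.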