Idea ID: 2875576

Access Gateway should accept the "proxy protocol" for remote ip

cannata_g cannata_g
Status : New Idea

When using AG behind HAProxy TCP Load Balancer the AG receives the ip of the load balancer, not the one of the original client. HAProxy uses the "Proxy Protocol" (  to provide the original IP. Apache can read the original ip with the module mod_remoteip ( with the parameter RemoteIPProxyProtocol On.

The original IP is very valuable for authorization and logging. We cannot switch to a L7 load balancer where the original IP would be added to the X-Forwarded-For header.

  • +1, customer got NAM behind HAProxy load balancer. To be able to use certificate authentication we will need to change to TCP mode but still want to to get client IP from HAProxy