Idea ID: 2875576

Access Gateway should accept the "proxy protocol" for remote ip

cannata_g cannata_g
Status : New Idea

When using AG behind HAProxy TCP Load Balancer the AG receives the ip of the load balancer, not the one of the original client. HAProxy uses the "Proxy Protocol" (https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address/)  to provide the original IP. Apache can read the original ip with the module mod_remoteip (https://httpd.apache.org/docs/current/mod/mod_remoteip.html) with the parameter RemoteIPProxyProtocol On.

The original IP is very valuable for authorization and logging. We cannot switch to a L7 load balancer where the original IP would be added to the X-Forwarded-For header.

  • +1, customer got NAM behind HAProxy load balancer. To be able to use certificate authentication we will need to change to TCP mode but still want to to get client IP from HAProxy

Resources

Support
Documentation
Learning Services
CyberRes Academy
Partner Programs
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Conduct
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.