Quantcast
Channel: HAProxy community - Latest topics
Viewing all articles
Browse latest Browse all 4849

Cloudflare: haproxy is using the wrong IP for HTTP requests after the first

April 30, 2019, 3:24 pm
$
0
0

@supermathie wrote:

We are using haproxy 1.8.17 in a two-stage setup:

  • multiple “interceptor” servers (in http mode) that accept the initial connection and send it (using send-proxy-v2-ssl) to multiple:
  • “routers” that know about the various backends to which we need to route the requests

Everything is working great, except when CloudFlare is involved. In the frontend on “router” we’re using:

http-request set-src hdr(x-forwarded-for) if is_cloudflare_src

and we find:

  • the connections are properly coming from various Cloudflare IPs within their published ranges (188.114.110.101, 172.68.133.229, 162.158.255.95) – this is OK

  • between “interceptor” and “router”, a single connection is fronted by a PROXY header with the actual outside layer 3/4 connection information – this is OK

  • inside that stream are multiple requests – this is OK :

    POST /message-bus/c009f71cb32a656f70b46a6db8c6ad42/poll?dlp=t HTTP/1.1
Host: community.customer.com
X-Forwarded-For: 192.0.2.18
CF-Connecting-IP: 192.0.2.18

POST /message-bus/97361f6ea08fc8c7a1eda4d34435907b/poll?dlp=t HTTP/1.1
Host: community.customer.com
X-Forwarded-For: 198.51.100.37
CF-Connecting-IP: 198.51.100.37

GET /admin/users/195.json?_=1556350420519 HTTP/1.1
Host: community.customer.com
X-Forwarded-For: 203.0.113.39
CF-Connecting-IP: 203.0.113.39

  • what’s being reported by “router” is NOT OK as it has the source IP as the X-Forwarded-For IP from the first request:

192.0.2.18:30658 [30/Apr/2019:18:54:41.486] app community/server03 0/0/1/61/62 200 1904 - - ---- 718/718/29/12/0 0/0 "GET /admin/users/195.json?_=1556350420519 HTTP/1.1"

I think that with our setup haproxy should be inspecting the X-Forwarded-For of each request, but it appears to be using the first IP seen for every single subsequent request.

Where’s the problem? Is this haproxy’s error or do we need to tell it to do something different?

This is a total guess but I wonder if the http-request set-src overwrites the connection source instead of the request source and then on the next request on that connection it doesn’t match is_cloudflare_src

Posts: 1

Participants: 1

Read full topic

Search
Viewing all articles
Browse latest Browse all 4849

Trending Articles

RAMAYAMPET Mandal Sarpanch | Upa-Sarpanch | Ward member Mobile Numbers Medak...

May 24, 2017, 2:00 am

लड़कियां सेक्स के दौरान क्यों करती है उह! आह!लड़कियां सेक्स के दौरान क्यों करती...

May 19, 2016, 1:54 am

Neem Baba Extra Questions Answer Class 6 English Poorvi

February 1, 2025, 5:19 am

Throw Back: 4×4 — Sikilitele (Ft Castro) Prod by JQ

March 5, 2015, 8:24 am

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

Lowe faces four theft charges

November 14, 2017, 6:52 pm

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Mafia, Murder & Mayhem In The Motor City: Detroit Mob Hit Timeline (1937-2007)

December 7, 2016, 3:57 pm

The 10 Tennessee Cities With The Largest Black Population For 2021

December 21, 2020, 10:12 am

Materials Around Us Class 6 Worksheet Science Chapter 6

October 3, 2024, 5:20 am

デスクトップ ヒープの枯渇

January 18, 2018, 8:31 pm

Best Suvichar in Hindi |बेस्ट सुविचार |शुभ विचार हिंदी में

March 7, 2020, 11:19 pm

Kanulanu Thaake Lyrics and translation | Manam (2014)

May 9, 2014, 5:45 am

Korean Sex Porn Videos: XXX Videos & Free Porn Movies

May 30, 2025, 9:29 pm

Teen Shot In Miami Drive-By Dies From Injuries

August 8, 2011, 1:16 pm

Download: IQ Muzatasha feat Shy D & Pmj – Ulesi NiFertilizer Yamavuto

March 22, 2018, 7:23 pm

Mahakal Attitude Status

February 29, 2020, 9:52 am

Property developer set up cannabis factory to help pay off debts...

August 3, 2015, 2:29 am

July 11, 2015, 6:15 am

KB: How to troubleshoot issues when adding a Hyper-V host in System Center...

August 14, 2012, 10:05 am
Search