Cannot put header X-Forwarded-For in a stick table

@AleksASB wrote:

Hello!

I need to use X-Forwarded-For header as sticking item for balancing, but cannot figure out how to do it correct.
My haproxy.conf:

global
        log 127.0.0.1 local2 notice
        chroot /var/lib/haproxy
        stats socket /tmp/haproxy.sock mode 666 level admin
        stats timeout 2m
        user haproxy
        group haproxy
        daemon
        maxconn 100000

defaults
        log     global
        option  dontlognull
        retries 3
        maxconn 100000
        timeout connect 240s
        timeout client 900s
        timeout server 900s
        timeout check 20s
        #errorfile 400 /etc/haproxy/errors/400.http
        #errorfile 403 /etc/haproxy/errors/403.http
        #errorfile 408 /etc/haproxy/errors/408.http
        #errorfile 500 /etc/haproxy/errors/500.http
        #errorfile 502 /etc/haproxy/errors/502.http
        #errorfile 503 /etc/haproxy/errors/503.http
        #errorfile 504 /etc/haproxy/errors/504.http

frontend app-frontend-test
        bind *:1234
        mode http
        option httplog
        option httpclose
        option http-server-close
        option forwardfor except 127.0.0.1 if-none
        capture request header X-Forwarded-For len 50
        default_backend test-server

backend test-server
        mode http
        stick-table type string len 50 size 200k expire 8h
        stick on capture.req.hdr(0)
        balance roundrobin
        server test-app1 10.9.15.43:1234 check
        fullconn 100000

listen stats
        bind 10.9.127.80:8888
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy Statistics
        stats auth user:password
        stats refresh 10s

My HAProxy version:

HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
  OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

OS: CentOS 7

I see with tcpdump that HAProxy put X-Forwarded-For header, but stick-table is empty (I’ve check it with echo “show table test-server” | socat /tmp/haproxy.sock stdio)

Posts: 2

Participants: 2

Read full topic