Client IP preservation
Add an X-Forwarded-For header
When the load balancer proxies a TCP connection, it overwrites the client's source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client's address in a nonstandard HTTP header used for this purpose, such as X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client's IP address.
To configure the load balancer to add an X-Forwarded-For header to an incoming request:

- Set the option forwardfor directive in a defaults, frontend, listen, or backend section:

  ```haproxy
  backend webservers
    balance roundrobin
    option forwardfor
    server s1 192.168.56.20:3000 check
    server s2 192.168.56.21:3000 check
  ```

- Optional: Disable the header for an IP address or IP range by adding the except argument:

  ```haproxy
  backend webservers
    balance roundrobin
    option forwardfor except 192.168.56.10
    server s1 192.168.56.20:3000 check
    server s2 192.168.56.21:3000 check
  ```

- Optional: Add the if-none argument to add the header only when it is not already present:

  ```haproxy
  backend webservers
    balance roundrobin
    option forwardfor if-none
    server s1 192.168.56.20:3000 check
    server s2 192.168.56.21:3000 check
  ```
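
On the backend side, the header is only meaningful when the request actually arrived from the load balancer, and only the entry the load balancer appended last can be relied on. The following is an added example, not part of the original page or of HAProxy itself; the function name `client_ip`, the `TRUSTED_PROXIES` list and the load balancer address `192.168.56.5` are assumptions made for illustration.

```python
import ipaddress

# Assumption: address of the load balancer as seen by the backend (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.56.5/32")]


def _is_trusted(addr):
    """True if addr belongs to a proxy we operate ourselves."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Return the client address to use for logging and access decisions.

    peer_addr  -- source IP of the TCP connection reaching the backend
    xff_values -- X-Forwarded-For header lines, in the order they were received
    """
    peer = ipaddress.ip_address(peer_addr)

    # The request bypassed the load balancer: the header is unverified input,
    # so fall back to the connection's own source address.
    if not _is_trusted(peer):
        return str(peer)

    # A request may carry several header lines and comma-separated lists;
    # flatten them into one left-to-right sequence of entries.
    entries = [e.strip() for line in xff_values for e in line.split(",") if e.strip()]

    # The load balancer appends its entry after any existing ones, so read from
    # the right and stop at the first address that is not one of our proxies.
    for entry in reversed(entries):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: nothing further left can be trusted
        if not _is_trusted(addr):
            return str(addr)

    # No usable entry: report the peer rather than guessing.
    return str(peer)
```

With `if-none`, the load balancer does not add its own entry when a header is already present, so the rightmost entry is only as reliable as whatever sent the request to the load balancer.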