Discussion:
Logging real rather than load balancer IP
Mark Holmes
2018-10-17 21:36:35 UTC
Question: We have some web apps which are behind an haproxy load balancer, with TLS being terminated on the server rather than at the balancer (so using tcp mode). The web server logs are recording the source IP as that of the load balancer as expected. I now have a requirement to pass the 'real' IP address through to the web application and also record it in the webserver logs. Currently, with other applications where TLS is terminated at the balancer and we are using http mode to connect to the backend web servers I use X-FORWARDED-FOR to pass through the 'real' IP address but obviously that won't help me when using TCP mode. I read some stuff about using the PROXY protocol, but I'm running IIS 8.5 and as far as I can tell it doesn't support PROXY. Am I correct?

My other option appears to be to switch to transparent proxying. I have verified the kernel I'm using is compiled with TPROXY support as is haproxy itself. Before I go down this road - is transparent proxying the correct/best option here?

Thanks in advance for any advice

Mark

PiBa-NL
2018-10-17 21:59:39 UTC
Hi Mark,
Post by Mark Holmes
Question: We have some web apps which are behind an haproxy load
balancer, with TLS being terminated on the server rather than at the
balancer (so using tcp mode). The web server logs are recording the
source IP as that of the load balancer as expected. I now have a
requirement to pass the ‘real’ IP address through to the web
application and also record it in the webserver logs. Currently, with
other applications where TLS is terminated at the balancer and we are
using http mode to connect to the backend web servers I use
X-FORWARDED-FOR to pass through the ‘real’ IP address but obviously
that won’t help me when using TCP mode. I read some stuff about using
the PROXY protocol, but I’m running IIS 8.5 and as far as I can tell
it doesn’t support PROXY. Am I correct?
My other option appears to be to switch to transparent proxying. I
have verified the kernel I’m using is compiled with TPROXY support as
is haproxy itself. Before I go down this road – is transparent
proxying the correct/best option here?
Thanks in advance for any advice
Mark

There are 3 options to let a webserver know the client-IP.

- forwardfor (only works with 'mode http' and needs webserver to know
  how to use that header)
- proxyprotocol (needs server to support it, and know how to use it.)
- TPROXY (needs routing for reply traffic through haproxy)

As you can see, each has its own disadvantages.. And well, with the
first 2 already ruled out, the 3rd is your only option.. (that I know of
anyhow..)

Regards,

PiBa-NL (Pieter)
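
Added example, not part of the original thread: a sketch of how the three options listed in the reply above look in an haproxy configuration, so their constraints can be compared side by side. All addresses, ports, section names and the certificate path are constructed for illustration.

```haproxy
# Constructed layout: haproxy on 10.0.0.1, web servers on 10.0.0.11-13.
defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

# Option 1: forwardfor. Needs 'mode http', so TLS must terminate on haproxy.
frontend fe_http
    mode http
    bind :443 ssl crt /etc/haproxy/site.pem   # hypothetical certificate path
    default_backend be_http
backend be_http
    mode http
    option forwardfor                # adds X-Forwarded-For: <client IP>
    server web1 10.0.0.11:80

# Option 2: PROXY protocol. Works in 'mode tcp' with TLS terminated on the
# server, but the server must parse the PROXY header sent before the handshake.
frontend fe_proxy
    mode tcp
    bind :8443
    default_backend be_proxy
backend be_proxy
    mode tcp
    server web2 10.0.0.12:443 send-proxy

# Option 3: transparent proxying. Works in 'mode tcp' with any server:
# haproxy connects to the server using the client's address as source.
# Needs haproxy built with TPROXY support and started as root or with
# CAP_NET_ADMIN. Replies must route back through the haproxy host (for
# example, server default gateway = 10.0.0.1), and that host must accept the
# returning packets addressed to the client IP (netfilter plus policy routing).
frontend fe_tproxy
    mode tcp
    bind :9443
    default_backend be_tproxy
backend be_tproxy
    mode tcp
    source 0.0.0.0 usesrc clientip
    server web3 10.0.0.13:443
```

With options 1 and 2 the client address is data supplied by the sender, so the web server should accept it only on connections coming from the load balancer's address; otherwise a client that reaches the server directly can forge the logged IP.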
