Hi Willy,
> Since you're using HTTP, it's a real waste of simplicity and performance
> to try to work in transparent mode. You'd better work in a normal proxy
> mode and configure your web server to report the client's IP address in
> the logs instead of relying on haproxy and your kernel to spoof the client.
The reason I'm pursuing this transparent route is that I haven't found a really clean patch for Apache that would also reliably report X-Forwarded-For to CGI's REMOTE_ADDR env-variable and to .htaccess deny/allow lines, so you wouldn't have to modify existing scripts / .htaccesses to know about the reverse proxy.
If there's a good patch for Apache 2.x that supports that, I'd be more than happy to use that instead of this somewhat kludgy way.
> If for any reason you absolutely want to do that anyway, here are two
> possibilities :
> 1) use two different backends, one for local connections, and another one
> for external ones. The local one must not do transparent proxying :
I'll try this route.
Thanks Willy for the quick and insightful answer.
Cheers,
Toni Mattila
Received on 2010/04/08 23:42