Haproxy Cloudflare restoring original ip

kylaris · Jan 1, 2023, 9:51 PM

I am trying to pass the original ip to the server.
I found how to do so on the Cloudflare website but it is made for cli.
Can anyone tell me how to input cli command on Haproxy GUI?
login-to-view
This screenshot is from https://support.cloudflare.com/hc/en-us/articles/200170786

Thank you.

viragomann · Jan 1, 2023, 9:51 PM

@kylaris
You cannot use cli commands for configuring HAproxy. All settings have to be made in the GUI.

I would try it this way:

Add an URL alias to pfSense. Name it CF_ips and point it to https://www.cloudflare.com/ips-v4
In the HAproxy frontend add an ACL "from_cf", select "Source IP matches IP or Alias" and enter "CF_ips" under value.
add an additional ACL "cf_ip_hdr", select "custom alc" and enter "req.hdr(CF-Connecting-IP) -m found" for the value.
add an action "http-request header set", for the name enter "X-Forwarded-For" and in fmt "%[req.hdr(CF-Connecting-IP)]". Under conditions enter "from_cf cf_ip_hdr".
save and apply

Consider that the web server must be configured to interpret the X-Forwarded-For header to get the clients IP.

kylaris · Jan 3, 2023, 2:50 PM

@viragomann
It seems to be working, Thank you for your help!!

kennethg01 · Jan 1, 2025, 7:14 PM

@kylaris hello can you share how did ypu make it aorl to get real ip from haproxy? I did follow, but still can't get real ip instead proxy ip.

viragomann · Jan 1, 2025, 7:14 PM

@kennethg01
Did you notice, that the real clients IP is only sent to the backend server as value of the "X-Forwarded-For" header?
You have to configure your web server to log this header, since this is not done by default.