Haproxy Cloudflare restoring original ip
-
I am trying to pass the original ip to the server.
I found how to do so on the Cloudflare website but it is made for cli.
Can anyone tell me how to input cli command on Haproxy GUI?
This screenshot is from https://support.cloudflare.com/hc/en-us/articles/200170786Thank you.
-
@kylaris
You cannot use cli commands for configuring HAproxy. All settings have to be made in the GUI.I would try it this way:
- Add an URL alias to pfSense. Name it CF_ips and point it to https://www.cloudflare.com/ips-v4
- In the HAproxy frontend add an ACL "from_cf", select "Source IP matches IP or Alias" and enter "CF_ips" under value.
- add an additional ACL "cf_ip_hdr", select "custom alc" and enter "req.hdr(CF-Connecting-IP) -m found" for the value.
- add an action "http-request header set", for the name enter "X-Forwarded-For" and in fmt "%[req.hdr(CF-Connecting-IP)]". Under conditions enter "from_cf cf_ip_hdr".
- save and apply
Consider that the web server must be configured to interpret the X-Forwarded-For header to get the clients IP.
-
@viragomann
It seems to be working, Thank you for your help!! -
@kylaris hello can you share how did ypu make it aorl to get real ip from haproxy? I did follow, but still can't get real ip instead proxy ip.
-
@kennethg01
Did you notice, that the real clients IP is only sent to the backend server as value of the "X-Forwarded-For" header?
You have to configure your web server to log this header, since this is not done by default.