Haproxy - Capture client IP when behind CloudFlare or not. Also keep x-forwarded-for in logs
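frontend www-http
    bind :80
    bind *:443 ssl crt /etc/haproxy/certs no-sslv3
    # Keep the original X-Forwarded-For value in the HTTP log line
    capture request header X-Forwarded-For len 50
    # True when the request carries a CF-Connecting-IP header
    acl is_cf req.hdr(cf-connecting-ip) -m found
    # X-Client-IP: the header value when present, otherwise the TCP source address
    http-request set-header X-Client-IP %[src] if !is_cf
    http-request set-header X-Client-IP %[hdr(cf-connecting-ip)] if is_cf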
danielsimkus commented Dec 19, 2017

A better option is this, to prevent users being able to manually add a cf-connecting-header

acl  is_cf src -f /etc/haproxy/cf-ips-v4

Making sure to save the file used above first:
wget -O /etc/haproxy/cf-ips-v4 https://www.cloudflare.com/ips-v4
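
The gist's frontend combined with the source-address check from the comment, as an added example that is not part of the original gist or comment. The ACL names `from_cf` and `has_cf_hdr` are chosen here for illustration, and `mode http` plus a backend are assumed to be defined elsewhere in the configuration.

```haproxy
# Added example, not the gist author's or commenter's own configuration.
frontend www-http
    bind :80
    bind *:443 ssl crt /etc/haproxy/certs no-sslv3
    capture request header X-Forwarded-For len 50

    # TCP peer is inside Cloudflare's published IPv4 ranges
    # (list saved from https://www.cloudflare.com/ips-v4, one CIDR per line).
    acl from_cf    src -f /etc/haproxy/cf-ips-v4
    # Request carries a CF-Connecting-IP header (anyone can send one).
    acl has_cf_hdr req.hdr(cf-connecting-ip) -m found

    # Weak form from the gist, shown for comparison: trusts the header from any peer.
    #   http-request set-header X-Client-IP %[hdr(cf-connecting-ip)] if has_cf_hdr

    # Corrected form: use the header only when the peer really is Cloudflare,
    # otherwise fall back to the TCP source address.
    http-request set-header X-Client-IP %[req.hdr(cf-connecting-ip)] if from_cf has_cf_hdr
    http-request set-header X-Client-IP %[src] if !from_cf || !has_cf_hdr

    # Do not pass a client-supplied CF-Connecting-IP on to the backend.
    http-request del-header CF-Connecting-IP if !from_cf
```

An empty list file makes `from_cf` never match, so every request falls back to `%[src]`; check that the file contains CIDR ranges after each refresh and reload HAProxy so the new list is read.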
