Skip to content

Instantly share code, notes, and snippets.

@sielay
Created August 10, 2016 10:06
Show Gist options
  • Save sielay/0aa4077829f35f5e0310f9e0cc9fdc71 to your computer and use it in GitHub Desktop.
Save sielay/0aa4077829f35f5e0310f9e0cc9fdc71 to your computer and use it in GitHub Desktop.
Haproxy - Capture client IP when behind CloudFlare or not. Also keep x-forwarded-for in logs
frontend www-http
bind :80
bind *:443 ssl crt /etc/haproxy/certs no-sslv3
capture request header X-Forwarded-For len 50
acl is_cf req.hdr(cf-connecting-ip) -m found
http-request set-header X-Client-IP %[src] if !is_cf
http-request set-header X-Client-IP %[hdr(cf-connecting-ip)] if is_cf
@danielsimkus
Copy link

danielsimkus commented Dec 19, 2017

A better option is this, to prevent users being able to manually add a cf-connecting-header

acl  is_cf src -f /etc/haproxy/cf-ips-v4

Making sure to save the file used above first:
wget https://www.cloudflare.com/ips-v4 > /etc/haproxy/cf-ips-v4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment