Add forwardfor advanced usecases
By default haproxy creates new x-forward-for header and do not touch existing one. This could be found in documentation and on issue 44 of github.
Pfsense UI has checkbox for option forwardfor but it not allowing to customize behavior of this option.I think it could be implemented:
- default use case - add new x-forwarded-for even header already exists. This ok in terms of http, but some backends have problems with parsing such stuff
- force - remove x-forwarded-for if it exists in client request and add just haproxy client IP. Actually this is most desired usually by sysadmins flow, at least from my opinion.
- append - modify existing x-forwarded-for header by writing client ip to the end of existing header, or just add this header if it not exist.
- name parameter is missing in pfsense
- force if srcip !trusted_proxy
- append if srcip trusted_proxy
Syntax of haproxy config is next (condition could be added with if):
# forwardfor default, but with x-client header name
option forwardfor header X-Client
# forwardfor force
http-request del-header x-forwarded-for
http-request set-header x-forwarded-for "%[src]"
# forwardfor append
#http-request replace-header x-forwarded-for ^ "%[req.fhdr(x-forwarded-for)], %[src]"
- HAproxy docs https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#option%20forwardfor
- Github issue with discussion about usage https://github.com/haproxy/haproxy/issues/44
No data to display