proxy protocol support or x-forwarded-for/x-real-ip headers
zagr0 opened this issue · comments
Hi, thanks a lot for such great tool!
I'm trying to use it for testing purpose to mirror traffic from prod haproxy to staging haproxy according to the article https://www.haproxy.com/blog/haproxy-traffic-mirroring-for-real-world-testing
The only thing i'm not able to implement is how to pass real client ip to staging haproxy from prod through spoe-mirror, as application behind haproxy require IPs for business logic
Is there way to support proxy protocol or way to pass x-forwarded-for to request headers?
Tried everything in haproxy config, no luck...
Thanks in advance!
Hello,
I had the same issue, i'm not sure if it's a bug or feature !
With Haproxy option forwardfor, in my case x-forwarded-for headers were not passed through mirrored traffic.
I had to workaround the problem by desactivating the option forwardfor, and manually setting the header like bellow :
#option forwardfor
http-request add-header X-Forwarded-For %[src]
Regards,
Alexandre.
Hello,
the 'forwardfor' option sets the 'X-Forwarded-For' header in the http_process_request() function, which is called in the stream filter in the event defined with the AN_REQ_HTTP_INNER flag. That event (and those after it related to the http request) is not defined in the SPOE filter, so I think you have to set up that header yourself the way you described it to work (using 'http-request add-header...'). I'm sorry I can't help you at the moment, if you have any more comments or questions, feel free to contact us.
Hello. I am facing a similar issue. I need to set a custom header which I do via http-request add-header X-Found-Cluster <my_custom_value>
. I have tried adding that line to my mirror.conf
as follows:
[mirror]
spoe-agent mirror
log global
messages mirror
use-backend mirroragents
timeout hello 500ms
timeout idle 5s
timeout processing 5s
spoe-message mirror
http-request add-header X-Found-Cluster <my_custom_value>
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
event on-frontend-http-request
I have also tried adding it to my front-end configuration:
# Production frontend
frontend fe_main
mode http
bind :80
http-request set-header X-Forwarded-For %[src]
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
# This is necessary if you aren't passing in the right host header
http-request add-header X-Found-Cluster <my_custom_value>
http-request lua.cors
http-response lua.cors "GET,PUT,POST,OPTIONS" "localhost"
option http-buffer-request
filter spoe engine mirror config /etc/haproxy/mirror.conf
default_backend be_servers
I have also tried adding it to the configuration for the mirror backend:
# Mirror agents
backend mirroragents
mode tcp
http-request set-header X-Forwarded-For %[src]
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Found-Cluster <my_custom_value>
balance roundrobin
timeout connect 5s
timeout server 5s
server agent1 localhost:12345
Still, I do not have any mirrored traffic which includes the X-Found-Cluster
header. Is this configuration possible? I would appreciate any help or guidance. Thanks!
Update: I managed to get this to work by setting event on-backend-http-request
in the spoe-message mirror
block of mirror.conf
. Thanks for this excellent software!