HAProxy ALOHA Documentation 11.5

Add an X-Forwarded-For header

When you configure load balancing via the LB Layer 7 tab, HAProxy ALOHA acts as a reverse proxy, managing client connections on one end and server connections on the other. The downside is that it causes the client's source IP address to be replaced with HAProxy ALOHA's IP address in connections to the servers, which misrepresents the true client in the server logs.

When proxying HTTP traffic, HAProxy ALOHA can add an X-Forwarded-For header to the request before relaying it to the server. This header contains the client's source IP address, which the server can be configured to log.

To configure HAProxy ALOHA to add an X-Forwarded-For header to an incoming request, set the option forwardfor directive in a defaults, frontend, listen, or backend section.

Adds an X-Forwarded-For header containing the client's source IP address.

backend webservers
  balance roundrobin
  option forwardfor
  server s1 192.168.56.20:3000 check
  server s2 192.168.56.21:3000 check

Optionally, disable the header for an IP address (or CIDR) by adding the except parameter.

Adds an X-Forwarded-For header except when the source IP is the address of a known proxy.

backend webservers
  balance roundrobin
  option forwardfor except 192.168.56.10
  server s1 192.168.56.20:3000 check
  server s2 192.168.56.21:3000 check

Add the if-none parameter to add the header only when it is not present.

Adds an X-Forwarded-For header unless it already exists.

backend webservers
  balance roundrobin
  option forwardfor if-none
  server s1 192.168.56.20:3000 check
  server s2 192.168.56.21:3000 check

Next up

L7 Reference Manual
HAProxyConf 2022 - Call for papers