Add an X-Forwarded-For header

When the load balancer proxies a TCP connection, it overwrites the client’s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client’s address in a nonstandard HTTP header used for the purpose such as X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client’s IP address.

To configure the load balancer to add an X-Forwarded-For header to an incoming request:

1. Set the option forwardfor directive in a defaults frontend, listen, or backend section:

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check

2. Optional: Disable the header for an IP address or IP range by adding the except argument:

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor except 192.168.56.10
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor except 192.168.56.10
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check

3. Optional: Add the if-none argument to add the header only when it is not already present:

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor if-none
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check

   haproxy
   backend webservers
     balance roundrobin
     option forwardfor if-none
     server s1 192.168.56.20:3000 check
     server s2 192.168.56.21:3000 check