[prev in list] [next in list] [prev in thread] [next in thread]
List: varnish-dev
Subject: Re: More on the HAProxy proxy protocol
From: Tollef Fog Heen <tfheen () varnish-software ! com>
Date: 2013-12-04 14:07:40
Message-ID: 20131204140740.GA1096 () err ! no
[Download RAW message or body]
]] Poul-Henning Kamp
> I've been thinking about something like this:
>
> remote.ip // [IP Other end of TCP connection
> remote.port // [INT Our sockets peer-address
>
> local.ip // [IP own end of the TCP connection
> local.port // [INT sockets local address
>
>
> client.ip // [IP] Which IP$ client to connected to our end from.
> // if proto == PROXY
> // set from PROXY.hdr
> // else
> // set from remote.ip
>
> server.ip // [IP] Which IP# client connected to in our end.
> server.port // [INT]
> // if proto == PROXY
> // set from PROXY.hdr
> // else
> // set from our.*
These work for me.
> client.identity // Best case ultimate client identity
> // if X-F-F:
> // set from X-F-F
> // else
> // set from client.ip
>
> I'm somewhat tempted to make client.identity a STRING, rather than
> an IP, to make it clear to people that running it through an ACL
> is a bad idea.
client.identity is already a string, and I don't think we should set it
from X-F-F, but rather just client.ip. It can be trivially overridden
if the sysadmin wants that.
--
Tollef Fog Heen
Technical lead | Varnish Software AS
📞: +47 21 98 92 64
We Make Websites Fly!
_______________________________________________
varnish-dev mailing list
varnish-dev@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic