Hi.
I use HAProxy and STunnel and I had to do a new installation lately. I took time to check the latest versions available of each product as this is a good time to test it out before production roll-out. I figured out that enough things have changed from STunnel version 4.44 to 4.46 making the X-Forwarded-For patch (that is usually used when STunnel sits in front of HAProxy) reject some parts of the latest 4.44 patch I found on the internet.
Here is the patch, applying with no problems on 4.46, for anyone else interested: http://labs.malaiwah.com/stunnel-4.46-xforwarded-for.diff
PS: I didn't try it yet for IPv6 connections yet.
Michel Belleau
Michel Belleau:
I use HAProxy and STunnel and I had to do a new installation lately. I took time to check the latest versions available of each product as this is a good time to test it out before production roll-out. I figured out that enough things have changed from STunnel version 4.44 to 4.46 making the X-Forwarded-For patch (that is usually used when STunnel sits in front of HAProxy) reject some parts of the latest 4.44 patch I found on the internet.
The "usual" way is not always the best one. Do not use X-Forwared-For with haproxy. Instead use "protocol = proxy" option of stunnel 4.45 or later, and accept-proxy bind option of haproxy 1.5-dev3 or later.
PS: I didn't try it yet for IPv6 connections yet.
PS: "protocol = proxy" supports IPv6.
Mike
Hi Michal,
Thanks for the pointer, I'll try that right away!
Michel Envoyé de mon terminal mobile BlackBerry par le biais du réseau de Rogers Sans-fil
-----Original Message----- From: Michal Trojnara Michal.Trojnara@mirt.net Sender: stunnel-users-bounces@stunnel.org Date: Fri, 18 Nov 2011 03:52:41 To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] [patch] x-forwarded-for patch for the new stunnel 4.46
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-
Michal Trojnara -
Michel Belleau -
michel.belleau@malaiwah.com