[patch] x-forwarded-for patch for the new stunnel 4.46
Hi. I use HAProxy and STunnel and I had to do a new installation lately. I took time to check the latest versions available of each product as this is a good time to test it out before production roll-out. I figured out that enough things have changed from STunnel version 4.44 to 4.46 making the X-Forwarded-For patch (that is usually used when STunnel sits in front of HAProxy) reject some parts of the latest 4.44 patch I found on the internet. Here is the patch, applying with no problems on 4.46, for anyone else interested: http://labs.malaiwah.com/stunnel-4.46-xforwarded-for.diff PS: I didn't try it yet for IPv6 connections yet. Michel Belleau
Michel Belleau:
I use HAProxy and STunnel and I had to do a new installation lately. I took time to check the latest versions available of each product as this is a good time to test it out before production roll-out. I figured out that enough things have changed from STunnel version 4.44 to 4.46 making the X-Forwarded-For patch (that is usually used when STunnel sits in front of HAProxy) reject some parts of the latest 4.44 patch I found on the internet.
The "usual" way is not always the best one. Do not use X-Forwared-For with haproxy. Instead use "protocol = proxy" option of stunnel 4.45 or later, and accept-proxy bind option of haproxy 1.5-dev3 or later.
PS: I didn't try it yet for IPv6 connections yet.
PS: "protocol = proxy" supports IPv6. Mike
Hi Michal, Thanks for the pointer, I'll try that right away! Michel Envoyé de mon terminal mobile BlackBerry par le biais du réseau de Rogers Sans-fil -----Original Message----- From: Michal Trojnara <Michal.Trojnara@mirt.net> Sender: stunnel-users-bounces@stunnel.org Date: Fri, 18 Nov 2011 03:52:41 To: <stunnel-users@stunnel.org> Subject: Re: [stunnel-users] [patch] x-forwarded-for patch for the new stunnel 4.46 _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
participants (3)
-
Michal Trojnara -
Michel Belleau -
michel.belleau@malaiwah.com