Proxy protocol is required for IPv6 on AWS. We are facing the loss of source client IP in HA Proxy. AWS Load Balancer's property preserve_client_ip only works for disabled proxy protocol.
The global flag accept_proxy, which is false by default, is not suitable to solve the problem, since it would break the outgoing traffic.
This PR introduces a new property expect_proxy, which accepts a list of CIDR ranges for which to expect the PROXY protocol. This property should contain a list of private IPs/CIDRs of the load balancers, for which a transparent proxing will be turned off. The property is mutually exclusive with the accept_proxy and will lead to validation failure if both are set to true.
Proxy protocol is required for IPv6 on AWS. We are facing the loss of source client IP in HA Proxy. AWS Load Balancer's property preserve_client_ip only works for disabled proxy protocol. The global flag accept_proxy, which is false by default, is not suitable to solve the problem, since it would break the outgoing traffic.
This PR introduces a new property expect_proxy, which accepts a list of CIDR ranges for which to expect the PROXY protocol. This property should contain a list of private IPs/CIDRs of the load balancers, for which a transparent proxing will be turned off. The property is mutually exclusive with the accept_proxy and will lead to validation failure if both are set to true.