[stunnel-users] [patch] x-forwarded-for patch for the new stunnel 4.46

Michal Trojnara Michal.Trojnara at mirt.net
Fri Nov 18 03:52:41 CET 2011


Michel Belleau:
> I use HAProxy and STunnel and I had to do a new installation lately.  
> I took time to check the latest versions available of each product  
> as this is a good time to test it out before production roll-out. I  
> figured out that enough things have changed from STunnel version  
> 4.44 to 4.46 making the X-Forwarded-For patch (that is usually used  
> when STunnel sits in front of HAProxy) reject some parts of the  
> latest 4.44 patch I found on the internet.

The "usual" way is not always the best one. Do not use X-Forwared-For  
with haproxy. Instead use "protocol = proxy" option of stunnel 4.45 or  
later, and accept-proxy bind option of haproxy 1.5-dev3 or later.

> PS: I didn't try it yet for IPv6 connections yet.

PS: "protocol = proxy" supports IPv6.

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111118/7b89761f/attachment.sig>


More information about the stunnel-users mailing list