Forum
Support proxy protocol
Miguel
14 July 2017, 03:10
Can Hiawatha support the Proxy protocol (http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)? This way we can get source IPs from frontend load balancers while keeping an end to end encrypted connection.
Regards
Regards
Hugo Leisink
14 July 2017, 11:47
I don't have the time for that. And also, I think the PROXY method isn't an official HTTP method, right?
Why not simply use HTTPS from the load balancer to the backend webserver?
Why not simply use HTTPS from the load balancer to the backend webserver?
Miguel
16 July 2017, 22:38
That's fair Hugo. Proxy proto is not part of HTTP, you are correct. The whole point is being able to relay this information without breaking the end-to-end encrypted connection, so it uses the TCP layer to communicate with backends.
In some cases, breaking the connection (and re-encripting)at the LB as you suggest, present us with a transitory trust problem where we need to trust the LB which means expanding the scope of the security design of the solution.
I understand it's not going to be supported, just wanted to provide a rationale for the request.
Regards
In some cases, breaking the connection (and re-encripting)at the LB as you suggest, present us with a transitory trust problem where we need to trust the LB which means expanding the scope of the security design of the solution.
I understand it's not going to be supported, just wanted to provide a rationale for the request.
Regards
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
