Haproxy配置X-Forwarded-For
安装Httpd服务: [root@linux-01 ~]# yum install httpd Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: mirrors.nwsuaf.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn base | 3.7 kB 00:0 extras | 3.4 kB 00:0 updates | 3.4 kB 00:0 updates/primary_db | 2.6 MB 00:0 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be installed --> Processing Dependency: httpd-tools = 2.2.15-54.el6.centos for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-54.el6.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be installed --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================== Package Arch Version Repository =============================================================================================================================== Installing: httpd x86_64 2.2.15-54.el6.centos updates Installing for dependencies: apr x86_64 1.3.9-5.el6_2 base apr-util x86_64 1.3.9-3.el6_0.1 base apr-util-ldap x86_64 1.3.9-3.el6_0.1 base httpd-tools x86_64 2.2.15-54.el6.centos updates Transaction Summary =============================================================================================================================== Install 5 Package(s) Total download size: 1.1 M Installed size: 3.6 M Is this ok [y/N]: y Downloading Packages: (1/5): apr-1.3.9-5.el6_2.x86_64.rpm | 123 kB 00:0 (2/5): apr-util-1.3.9-3.el6_0.1.x86_64.rpm | 87 kB 00:0 (3/5): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm | 15 kB 00:0 (4/5): httpd-2.2.15-54.el6.centos.x86_64.rpm | 833 kB 00:0 (5/5): httpd-tools-2.2.15-54.el6.centos.x86_64.rpm | 79 kB 00:0 ------------------------------------------------------------------------------------------------------------------------------- Total 657 kB/s | 1.1 MB 00:0 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : apr-1.3.9-5.el6_2.x86_64 Installing : apr-util-1.3.9-3.el6_0.1.x86_64 Installing : httpd-tools-2.2.15-54.el6.centos.x86_64 Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 Installing : httpd-2.2.15-54.el6.centos.x86_64 Verifying : httpd-tools-2.2.15-54.el6.centos.x86_64 Verifying : apr-1.3.9-5.el6_2.x86_64 Verifying : httpd-2.2.15-54.el6.centos.x86_64 Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 Installed: httpd.x86_64 0:2.2.15-54.el6.centos Dependency Installed: apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-54.el6.centos Complete!配置Httpd,X-Forwarded-For
[root@linux-01 ~]# vim /etc/httpd/conf/httpd.conf httpd: //497: LogFormat "{X-Forwarded-For} %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined Acl应用配置案例 Redirect Example: acl clear dst_port 80 acl secure dst_port 8080 acl login_page url_beg /login acl logout url_beg /logout acl uid_given url_reg /login?userid=[^&]+ acl cookie_set hdr_sub(cookie) SEEN=1 redirect prefix https://mysite.com set-cookie SEEN=1 if !cookie_set redirect prefix https://mysite.com if login_page !secure redirect prefix http://mysite.com drop-query if login_page !uid_given redirect location http://mysite.com/ if !login_page secure redirect location / clear-cookie USERID= if logout 当用户通过80端口访问/haproxy?stats重定向8009端口上服务来提供此功能 reqadd <string> [{if | unless} <cond>] <string> is the complete line to be added. Any space or known delimiter must be escaped using a backslash (''). Please refer to section 6 about HTTP header manipulation for more information. <cond> is an optional matching condition built from ACLs. It makes it possible to ignore this rule when other conditions are not met. acl is-ssl dst_port 81 reqadd X-Proto: SSL if is-ssl 超时时长:timeout http-request timeout http-request <timeout> Set the maximum allowed time to wait for a complete HTTP request 实现访问控制: http-request :7层 tcp-request :4层过滤 //scheme://user:password@host:port/path;params?query#fragment An Example acl url_static path_beg /static /images /img /css acl Url_static path_end .gif .png .jpg .css .js acl host_www hdr_beg(host) -i www acl host_static hdr_beg(host) -i img. viedo. download. ftp. use_backend static if host_static of url_static url_backend www if host_www