Comment 3 for bug 1843577

Tim Burke (1-tim-z) wrote :

That makes some sense... but if

> not all connections are coming through haproxy

wouldn't that mean that a client could provide an X-Forwarded-For header themselves, bypassing the IP restriction? I'm not opposed to adding the config option, I just want to make sure that it would actually be suitable for your use-case.

Another option for you may be to run multiple proxy-server instances -- one that haproxy talks to which has require_proxy_protocol = true and is only bound to localhost, and another for general traffic...
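The concern raised in this comment, as an added example that is not part of the original comment and not Swift's code: a client-IP check that believes X-Forwarded-For from any peer, next to one that honors it only when the TCP peer is the proxy. The addresses, networks and function names are assumptions made for illustration, and the sample requests are constructed.

```python
import ipaddress

# Assumed values for illustration only (not from the bug report).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]   # where haproxy connects from
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]     # the IP restriction


def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def naive_client_ip(peer_addr, headers):
    """Believes X-Forwarded-For no matter who sent it."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr


def strict_client_ip(peer_addr, headers):
    """Honors X-Forwarded-For only when the TCP peer is the proxy."""
    xff = headers.get("X-Forwarded-For")
    if not xff or not _in_any(peer_addr, TRUSTED_PROXIES):
        return peer_addr
    # Assumes the proxy appends the address it saw as the last entry;
    # anything to the left of it was supplied by the client.
    return xff.split(",")[-1].strip()


def is_allowed(client_ip):
    try:
        return _in_any(client_ip, ALLOWED_CLIENTS)
    except ValueError:          # malformed header value
        return False


# Constructed requests: (TCP peer address, request headers)
DIRECT_SPOOFED = ("203.0.113.7", {"X-Forwarded-For": "10.1.2.3"})
VIA_PROXY = ("127.0.0.1", {"X-Forwarded-For": "10.1.2.3"})
VIA_PROXY_SPOOFED = ("127.0.0.1", {"X-Forwarded-For": "10.1.2.3, 203.0.113.7"})

if __name__ == "__main__":
    for name, (peer, hdrs) in [("direct+spoofed", DIRECT_SPOOFED),
                               ("via proxy", VIA_PROXY),
                               ("via proxy+spoofed", VIA_PROXY_SPOOFED)]:
        print(name,
              "naive:", is_allowed(naive_client_ip(peer, hdrs)),
              "strict:", is_allowed(strict_client_ip(peer, hdrs)))
```

Binding the haproxy-facing instance to localhost, as the comment suggests, makes the trusted-peer condition hold for every connection that instance receives.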