From: Olivier Doucet Date: Tue, 21 Apr 2020 07:32:56 +0000 (+0200) Subject: DOC: Improve documentation on http-request set-src X-Git-Tag: v2.1.5~82 X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=5a8526222f2a905d5fae66586e83b8b7d53640ae;p=haproxy-2.1.git DOC: Improve documentation on http-request set-src This patch adds more explanation on how to use "http-request set-src" and a link to "option forwardfor". This patch can be applied to all previous version starting at 1.6 Reviewed-by: Tim Duesterhus (cherry picked from commit 56e3120f9ee0db8de166f5e6c9cf2ce2fc4c2364) Signed-off-by: Willy Tarreau --- diff --git a/doc/configuration.txt b/doc/configuration.txt index a18a42c..90a9fe6 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4707,16 +4707,23 @@ http-request set-src [ { if | unless } ] This is used to set the source IP address to the value of specified expression. Useful when a proxy in front of HAProxy rewrites source IP, but provides the correct IP in a HTTP header; or you want to mask source IP for - privacy. + privacy. All subsequent calls to "src" fetch will return this value + (see example). Arguments : Is a standard HAProxy expression formed by a sample-fetch followed by some converters. + See also "option forwardfor". + Example: http-request set-src hdr(x-forwarded-for) http-request set-src src,ipmask(24) + # After the masking this will track connections + # based on the IP address with the last byte zeroed out. + http-request track-sc0 src + When possible, set-src preserves the original source port as long as the address family allows it, otherwise the source port is set to 0.