Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 4689 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

X-Forwarded-For Not Working with Server Load Balancing Enabled

T D

I setup mod_rpaf on an apache web server to show the forwarded IP address using the X-Forwarded-For header.    Everything works perfectly until I also enable the Server Load Balancing.  When I enable this option, all of the logs go back to coming from the inside address of the UTM.  I even print out the headers to see if the name changed somehow, but there are no longer any IP addresses being sent in the headers.   As soon as I turn Server Load Balancing off, the X-Forwarded-For header returns.

Does anyone know why that IP is removed when I enable load balancing over https?   Is this a setting issue in the UTM, or something wrong with using both at the same time?

Thanks!

Tim



This thread was automatically locked due to age.
  • 0

    You are correct - you cannot use Webserver Protection and Server Load Balancing together.  To equally balance the load between two servers, enable both Real Servers in the Virtual Server.  If one is meant to just be a backup for the other, you can enable that in the 'Advanced' section of the Site Path Route.  It is not possible to specify anything other than a 50/50 balance with two servers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks, Bob.... I guess then I have a follow-up question.

    If I setup the Server Load Balancer, the system would ping (or pull an http page) at a set interval and stop sending clients to that web server in the event of a failure.

    Without that, if I shutdown one web server it takes forever to stop sending over to the old server and the client browser just hangs until I have to reload.

    The setup for the load balancer seems much better for this kind of thing, but I certainly want the protection of the WAF.  Any way to speed that process up at least?

     

  • 0 in reply to T D

    I expected that the reverse proxy would do the same, Tim.  I would get your reseller to open a ticket with Sophos Support.  Please post the answer back here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML