Configuring traffic through a load balancer
Use dsconfig
or the administrative console to configure PingAuthorize Server to get traffic through a load balancer and to record the actual client’s IP address.
To record the actual client’s IP address to the trace log, enable X-Forwarded-*
handling in both the intermediate HTTP server and the PingAuthorize Server.
By default, when a PingAuthorize Server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.
When you set the use-forwarded-headers
property and enable an HTTP connection handler to use Forwarded
or X-Forwarded-*
headers, many intermediate HTTP servers add information about the original request that would otherwise be lost.
If use-forwarded-headers
is set to true
, the server uses the client IP address and port information in the Forwarded
or X-Forwarded-*
headers instead of the address and port of the entity that’s sending the request (the load balancer). This client address information shows up in logs, such as in the from
field of the HTTP REQUEST
and HTTP RESPONSE
messages.
If both the |
- Dsconfig
-
Configuring traffic through a load balancer using dsconfig
Steps
-
Edit the HTTP or HTTPS connection handler object and set
use-forwarded-headers
totrue
by runningdsconfig
.Example:
dsconfig set-connection-handler-prop \ --handler-name "HTTPS Connection Handler" \ --set use-forwarded-headers:true
-
To finalize the changes to the HTTP or HTTPS connection handler, use
dsconfig
to restart the connection handler.Example:
dsconfig set-connection-handler-prop \ --handler-name "HTTPS Connection Handler" \ --set enabled:false dsconfig set-connection-handler-prop \ --handler-name "HTTPS Connection Handler" \ --set enabled:true
-
To provide the
X-Forwarded-*
information to your load balancer, consult your provider’s guide on configuring load balancer settings.
-
- Administrative console
-
Configuring traffic through a load balancer using the administrative console
Steps
-
On the PingAuthorize administrative console Configuration page, click Connection Handlers.
-
To edit your HTTP or HTTPS connection handler, in the Connection Handlers list, select the connection handler you want to edit.
-
To enable
Forwarded
headers, go to Use Forwarded Headers and select the Enabled check box. -
Click Save.
-
To finalize the changes to the HTTP or HTTPS connection handler, use
dsconfig
to restart the connection handler.
-
Example:
dsconfig set-connection-handler-prop \ --handler-name "HTTPS Connection Handler" \ --set enabled:false dsconfig set-connection-handler-prop \ --handler-name "HTTPS Connection Handler" \ --set enabled:true
Because disabling the connection handler brings down the administrative console, you must complete this step in the command line instead of the administrative console. |
-
To provide the
X-Forwarded-*
information to your load balancer, consult your provider’s guide on configuring load balancer settings.