Forum Discussion
NimbostratusF5 Proxy protocol irule support
NimbostratusWe enabled proxy protocol v1 in cloudflare and the irule which we applied supports both V1 and V2.
When we check the LTM logs it always throws the below logs
"Connection rejected from [IP::client_addr]:[TCP::client_port] due to lack of PROXY protocol header"
And when we allow no-proxy we receive the below logs
log "Connection from [IP::client_addr]:[TCP::client_port] allowed despite lack of PROXY protocol header"
It never hit the proxy protocol v1 or V2
Now how can i confirm whether we are receiving the proxy protocol v1 in LTM, As per the packet capture with that irule applied after initial 3-WAY handshake client hello was sent and VS IP reset it.
Please suggest how to verify proxy protocol header details in packet capture.
It seems the subscription we are using is not allowed to use true-client IP feature.
MVPwith the irule on no-proxy i assume you dont get a reset after the client hello?
if you do, do you have a HTTP profile on your virtual server? not quite sure that profile with work if you insert non standard HTTP things.
there is no chance to have cloudflare talk unencrypted to your BIG-IP as a test. then you could easier packet capture
you can try to print the TCP payload which should contain the word proxy, i.e. [TCP::payload 0 5] in your allowed despite lack of ... section.
