No Hair Blog

You are here: Home > Blog

Transparent reverse proxy using OpenBSD relayd

I've been using OpenBSD's relayd (version shipped in OpenBSD 6.1) as a reverse proxy in front of OpenBSD's httpd webserver for a year or so. It does filtering OK (see this post. One of the problems is that I could not get relayd to pass the ip address of the client to the webserver for logging.

The relayd.conf manual includes several examples, and I have tried several permutations including:

match header set "X-Forwarded-For" value "$REMOTE_ADDR" 
match header append "X-Forwarded-For value "$REMOTE_ADDR"
match request header set "X-Forwarded-For" value "$REMOTE_ADDR" 
match request header append "X-Forwarded-For value "$REMOTE_ADDR" 

[Continue reading]

Posted by Gordon, No Hair Blog, Mar 4, 2018