daniel/blog.kempkens.io
1
0
Fork 0
Code Activity

HAProxy post

Browse source
This commit is contained in:
Daniel Kempkens 2016-01-31 17:46:05 +01:00
parent 0eaf6d2445
commit e8149c9dad
4 changed files with 46 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Gemfile
View file

@ -3,6 +3,6 @@ source 'https://rubygems.org'
gem 'jekyll', '~> 2.5.3' gem 'jekyll', '~> 2.5.3'
group :extensions do group :extensions do
gem 'jekyll-assets', '~> 0.14.0' gem 'jekyll-assets', '~> 1.0.0'
gem 'yui-compressor', '~> 0.12.0' gem 'yui-compressor', '~> 0.12.0'
end end

39
Gemfile.lock
View file

@ -3,22 +3,19 @@ GEM
specs: specs:
addressable (2.3.8) addressable (2.3.8)
blankslate (2.1.2.4) blankslate (2.1.2.4)
celluloid (0.16.0) classifier-reborn (2.0.4)
timers (~> 4.0.0)
classifier-reborn (2.0.3)
fast-stemmer (~> 1.0) fast-stemmer (~> 1.0)
coffee-script (2.4.1) coffee-script (2.4.1)
coffee-script-source coffee-script-source
execjs execjs
coffee-script-source (1.9.1.1) coffee-script-source (1.9.1.1)
colorator (0.1) colorator (0.1)
execjs (2.5.2) execjs (2.6.0)
fast-stemmer (1.0.2) fast-stemmer (1.0.2)
fastimage (1.7.0) fastimage (1.7.0)
addressable (~> 2.3, >= 2.3.5) addressable (~> 2.3, >= 2.3.5)
ffi (1.9.10) ffi (1.9.10)
hike (1.2.3) hike (1.2.3)
hitimes (1.2.2)
jekyll (2.5.3) jekyll (2.5.3)
classifier-reborn (~> 2.0) classifier-reborn (~> 2.0)
colorator (~> 0.1) colorator (~> 0.1)
@ -34,9 +31,9 @@ GEM
redcarpet (~> 3.1) redcarpet (~> 3.1)
safe_yaml (~> 1.0) safe_yaml (~> 1.0)
toml (~> 0.1.0) toml (~> 0.1.0)
jekyll-assets (0.14.0) jekyll-assets (1.0.0)
fastimage (~> 1.6) fastimage (~> 1.6)
jekyll (~> 2.0) jekyll (>= 2)
mini_magick (~> 4.1) mini_magick (~> 4.1)
sass (~> 3.2) sass (~> 3.2)
sprockets (~> 2.10) sprockets (~> 2.10)
@ -44,20 +41,19 @@ GEM
sprockets-sass sprockets-sass
jekyll-coffeescript (1.0.1) jekyll-coffeescript (1.0.1)
coffee-script (~> 2.2) coffee-script (~> 2.2)
jekyll-gist (1.2.1) jekyll-gist (1.3.5)
jekyll-paginate (1.1.0) jekyll-paginate (1.1.0)
jekyll-sass-converter (1.3.0) jekyll-sass-converter (1.3.0)
sass (~> 3.2) sass (~> 3.2)
jekyll-watch (1.2.1) jekyll-watch (1.3.0)
listen (~> 2.7) listen (~> 3.0)
kramdown (1.8.0) kramdown (1.9.0)
liquid (2.6.2) liquid (2.6.3)
listen (2.10.1) listen (3.0.4)
celluloid (~> 0.16.0)
rb-fsevent (>= 0.9.3) rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9) rb-inotify (>= 0.9)
mercenary (0.3.5) mercenary (0.3.5)
mini_magick (4.2.7) mini_magick (4.3.6)
multi_json (1.11.2) multi_json (1.11.2)
parslet (1.5.0) parslet (1.5.0)
blankslate (~> 2.0) blankslate (~> 2.0)
@ -66,12 +62,12 @@ GEM
posix-spawn (~> 0.3.6) posix-spawn (~> 0.3.6)
yajl-ruby (~> 1.2.0) yajl-ruby (~> 1.2.0)
rack (1.6.4) rack (1.6.4)
rb-fsevent (0.9.5) rb-fsevent (0.9.6)
rb-inotify (0.9.5) rb-inotify (0.9.5)
ffi (>= 0.5.0) ffi (>= 0.5.0)
redcarpet (3.3.2) redcarpet (3.3.3)
safe_yaml (1.0.4) safe_yaml (1.0.4)
sass (3.4.16) sass (3.4.19)
sprockets (2.12.4) sprockets (2.12.4)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)
@ -83,8 +79,6 @@ GEM
sprockets (~> 2.0) sprockets (~> 2.0)
tilt (~> 1.1) tilt (~> 1.1)
tilt (1.4.1) tilt (1.4.1)
timers (4.0.1)
hitimes
toml (0.1.2) toml (0.1.2)
parslet (~> 1.5.0) parslet (~> 1.5.0)
yajl-ruby (1.2.1) yajl-ruby (1.2.1)
@ -95,5 +89,8 @@ PLATFORMS
DEPENDENCIES DEPENDENCIES
jekyll (~> 2.5.3) jekyll (~> 2.5.3)
jekyll-assets (~> 0.14.0) jekyll-assets (~> 1.0.0)
yui-compressor (~> 0.12.0) yui-compressor (~> 0.12.0)
BUNDLED WITH
1.10.6

2
_config.yml
View file

@ -9,7 +9,7 @@ relative_permalinks: true
# Setup # Setup
title: tail call title: tail call
tagline: Ramblings in software development tagline: Ramblings in software development
description: The ramblings of a 25-year-old software developer from Germany. description: The ramblings of a 26-year-old software developer from Germany.
url: https://blog.kempkens.io url: https://blog.kempkens.io
hub_url: https://kempkens.superfeedr.com hub_url: https://kempkens.superfeedr.com
baseurl: / baseurl: /

26
_posts/2016-01-31-anonymizing-ips-using-haproxy.md Normal file
View file

@ -0,0 +1,26 @@
---
layout: post
title: Anonymizing IPs Using HAProxy
description: "Description of how to easily anonymize IPs using HAProxy."
date: 2016-01-31 17:46:00 CET
category: posts
tags: [haproxy, ops, english]
comments: true
---
At work, I had to come up with an easy way to anonymize the last octet of a logged IP address in order to comply with German data protection laws. If you're using [HAProxy](http://www.haproxy.org) (1.5+), you can do this in one line.
If you want to forward the source IP address to a backend server, you would usually use `option forwardfor`. Sadly you can't set or change the forwarded IP using that option, so instead you have to set the `X-Forwarded-For` header manually.
{% highlight text %}
http-request set-header X-Forwarded-For %[src,ipmask(24)]
{% endhighlight %}
This will set the last octet of the source IP address to zero.
The HAProxy documentation has more information on the various things I used in this post:
* [option forwardfor](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor)
* [http-request](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-http-request)
* [src sample](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.3-src)
* [ipmask converter](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-ipmask)