HAProxy post
This commit is contained in:
parent
0eaf6d2445
commit
e8149c9dad
4 changed files with 46 additions and 23 deletions
2
Gemfile
2
Gemfile
|
|
@ -3,6 +3,6 @@ source 'https://rubygems.org'
|
|||
gem 'jekyll', '~> 2.5.3'
|
||||
|
||||
group :extensions do
|
||||
gem 'jekyll-assets', '~> 0.14.0'
|
||||
gem 'jekyll-assets', '~> 1.0.0'
|
||||
gem 'yui-compressor', '~> 0.12.0'
|
||||
end
|
||||
|
|
|
|||
39
Gemfile.lock
39
Gemfile.lock
|
|
@ -3,22 +3,19 @@ GEM
|
|||
specs:
|
||||
addressable (2.3.8)
|
||||
blankslate (2.1.2.4)
|
||||
celluloid (0.16.0)
|
||||
timers (~> 4.0.0)
|
||||
classifier-reborn (2.0.3)
|
||||
classifier-reborn (2.0.4)
|
||||
fast-stemmer (~> 1.0)
|
||||
coffee-script (2.4.1)
|
||||
coffee-script-source
|
||||
execjs
|
||||
coffee-script-source (1.9.1.1)
|
||||
colorator (0.1)
|
||||
execjs (2.5.2)
|
||||
execjs (2.6.0)
|
||||
fast-stemmer (1.0.2)
|
||||
fastimage (1.7.0)
|
||||
addressable (~> 2.3, >= 2.3.5)
|
||||
ffi (1.9.10)
|
||||
hike (1.2.3)
|
||||
hitimes (1.2.2)
|
||||
jekyll (2.5.3)
|
||||
classifier-reborn (~> 2.0)
|
||||
colorator (~> 0.1)
|
||||
|
|
@ -34,9 +31,9 @@ GEM
|
|||
redcarpet (~> 3.1)
|
||||
safe_yaml (~> 1.0)
|
||||
toml (~> 0.1.0)
|
||||
jekyll-assets (0.14.0)
|
||||
jekyll-assets (1.0.0)
|
||||
fastimage (~> 1.6)
|
||||
jekyll (~> 2.0)
|
||||
jekyll (>= 2)
|
||||
mini_magick (~> 4.1)
|
||||
sass (~> 3.2)
|
||||
sprockets (~> 2.10)
|
||||
|
|
@ -44,20 +41,19 @@ GEM
|
|||
sprockets-sass
|
||||
jekyll-coffeescript (1.0.1)
|
||||
coffee-script (~> 2.2)
|
||||
jekyll-gist (1.2.1)
|
||||
jekyll-gist (1.3.5)
|
||||
jekyll-paginate (1.1.0)
|
||||
jekyll-sass-converter (1.3.0)
|
||||
sass (~> 3.2)
|
||||
jekyll-watch (1.2.1)
|
||||
listen (~> 2.7)
|
||||
kramdown (1.8.0)
|
||||
liquid (2.6.2)
|
||||
listen (2.10.1)
|
||||
celluloid (~> 0.16.0)
|
||||
jekyll-watch (1.3.0)
|
||||
listen (~> 3.0)
|
||||
kramdown (1.9.0)
|
||||
liquid (2.6.3)
|
||||
listen (3.0.4)
|
||||
rb-fsevent (>= 0.9.3)
|
||||
rb-inotify (>= 0.9)
|
||||
mercenary (0.3.5)
|
||||
mini_magick (4.2.7)
|
||||
mini_magick (4.3.6)
|
||||
multi_json (1.11.2)
|
||||
parslet (1.5.0)
|
||||
blankslate (~> 2.0)
|
||||
|
|
@ -66,12 +62,12 @@ GEM
|
|||
posix-spawn (~> 0.3.6)
|
||||
yajl-ruby (~> 1.2.0)
|
||||
rack (1.6.4)
|
||||
rb-fsevent (0.9.5)
|
||||
rb-fsevent (0.9.6)
|
||||
rb-inotify (0.9.5)
|
||||
ffi (>= 0.5.0)
|
||||
redcarpet (3.3.2)
|
||||
redcarpet (3.3.3)
|
||||
safe_yaml (1.0.4)
|
||||
sass (3.4.16)
|
||||
sass (3.4.19)
|
||||
sprockets (2.12.4)
|
||||
hike (~> 1.2)
|
||||
multi_json (~> 1.0)
|
||||
|
|
@ -83,8 +79,6 @@ GEM
|
|||
sprockets (~> 2.0)
|
||||
tilt (~> 1.1)
|
||||
tilt (1.4.1)
|
||||
timers (4.0.1)
|
||||
hitimes
|
||||
toml (0.1.2)
|
||||
parslet (~> 1.5.0)
|
||||
yajl-ruby (1.2.1)
|
||||
|
|
@ -95,5 +89,8 @@ PLATFORMS
|
|||
|
||||
DEPENDENCIES
|
||||
jekyll (~> 2.5.3)
|
||||
jekyll-assets (~> 0.14.0)
|
||||
jekyll-assets (~> 1.0.0)
|
||||
yui-compressor (~> 0.12.0)
|
||||
|
||||
BUNDLED WITH
|
||||
1.10.6
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ relative_permalinks: true
|
|||
# Setup
|
||||
title: tail call
|
||||
tagline: Ramblings in software development
|
||||
description: The ramblings of a 25-year-old software developer from Germany.
|
||||
description: The ramblings of a 26-year-old software developer from Germany.
|
||||
url: https://blog.kempkens.io
|
||||
hub_url: https://kempkens.superfeedr.com
|
||||
baseurl: /
|
||||
|
|
|
|||
26
_posts/2016-01-31-anonymizing-ips-using-haproxy.md
Normal file
26
_posts/2016-01-31-anonymizing-ips-using-haproxy.md
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
layout: post
|
||||
title: Anonymizing IPs Using HAProxy
|
||||
description: "Description of how to easily anonymize IPs using HAProxy."
|
||||
date: 2016-01-31 17:46:00 CET
|
||||
category: posts
|
||||
tags: [haproxy, ops, english]
|
||||
comments: true
|
||||
---
|
||||
|
||||
At work, I had to come up with an easy way to anonymize the last octet of a logged IP address in order to comply with German data protection laws. If you're using [HAProxy](http://www.haproxy.org) (1.5+), you can do this in one line.
|
||||
|
||||
If you want to forward the source IP address to a backend server, you would usually use `option forwardfor`. Sadly you can't set or change the forwarded IP using that option, so instead you have to set the `X-Forwarded-For` header manually.
|
||||
|
||||
{% highlight text %}
|
||||
http-request set-header X-Forwarded-For %[src,ipmask(24)]
|
||||
{% endhighlight %}
|
||||
|
||||
This will set the last octet of the source IP address to zero.
|
||||
|
||||
The HAProxy documentation has more information on the various things I used in this post:
|
||||
|
||||
* [option forwardfor](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor)
|
||||
* [http-request](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-http-request)
|
||||
* [src sample](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.3-src)
|
||||
* [ipmask converter](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-ipmask)
|
||||
Loading…
Reference in a new issue