• Locations
  • Pricing
  • Calculator
  • Affiliate
  • Merchandise
  • Blog
  • Documentation
Menu
  • Locations
  • Pricing
  • Calculator
  • Affiliate
  • Merchandise
  • Blog
  • Documentation
Dashboard
Popular Search fivem

Getting Started

  • What is Lectron?
  • FAQ
  • Locations
  • Features
  • Billings
  • Getting started
  • How to use the Dashboard
  • Why is this called Armor?
  • How to Configure SRV Record Correctly
  • How to report high ping issues to Lectron?

Beginner's Guide

  • What is the internet?
  • What is a proxy server?
  • How a DNS Server (Domain Name System) works
  • TCP vs. UDP Comparison
  • What is a server?
  • What is a DDoS attack?
  • What is a Firewall?
  • Protected: What is a port?
  • How to Configure SRV Record Correctly
  • Proxy Protocol
  • What is TCP Protocol?
  • What is UDP Protocol ?

Troubleshooting

  • High Latency and General Lag
  • Edge TLS
  • Ping and TraceRoute (tracert) commands
  • Understanding Network Address Translation (NAT)
  • What are SSL, TLS, HTTP and HTTPS?
  • Understanding IPv4 and IPv6
  • Understanding FTP (File Transfer Protocol)
  • What is Wireshark
  • Diagnosing Network Issues with MTR

Attack Types

  • SYN Flood
  • TCP Half-Open
  • DNS Reflection Attack
  • Denial of Service explained
  • DDoS through DNS Requests
  • UDP Flood
  • Vulnerability Attack
  • Phishing Attacks
  • Common Security Threats
  • Ping of Death ICMP Attack
  • Slowloris Attack

DDoS Attack

  • what is DDoS attack?
  • Overview of DDoS attack.
  • Characteristics of DDoS attack
  • Protective Measures

Firewall

  • what is Firewall?
  • Home
  • Documentation
  • Protect
  • Beginner's Guide
  • Proxy Protocol

Proxy Protocol

Table of Contents
  • Introduction
  • Proxy protocol documentation
  • Proxy-protocol ready software
  • Proxy-protocol ready appliances
  • Not yet proxy-protocol ready

Introduction #

The Proxy Protocol was designed to chain proxies / reverse-proxies without losing the client information.

A proxy will use its own IP stack to get connected to remote servers. Because of this, we lose the initial TCP connection information like source and destination IP and port when a proxy is involved in architecture.

That said, a few workarounds exist, like:

  • Tproxy: require you to compile your kernel and to make your proxy as your server’s default gateway, can pass through nat-ting firewalls
  • HTTP X-Forwarded-For header: works only for HTTP and require modules in Apache and IIS
  • …

The problem with these workarounds is that they are either protocol-related or require architecture changes, preventing scalability.

That’s where the proxy protocol comes in:

  • it is protocol-agnostic (can work with any layer 7 protocols, even when encrypted).
  • it does not require any infrastructure changes
  • nat-ing firewalls have no impact it
  • it is scalable

The is only one condition: both endpoints of the connection MUST be compatible with the proxy protocol. This could be either proxy, reverse-proxies, load-balancers, WAF, application servers, etc….

Proxy protocol documentation #

The description of the protocol by Willy, HAProxy developer: proxy protocol.

And a few articles speaking about the subject:

  • Efficient SMTP relay infrastructure with Postfix and load-balancers
  • Preserve source IP address despite reverse proxies

Proxy-protocol ready software #

The list below summarizes which software have already implemented the proxy protocol:

  • Elastic Load Balancing, since July 2013, AWS’ Load-Balancer
  • Dovecot, since 2.2.19, a POP/IMAP mail server
  • exaproxy, since 1.0.0, forward and reverse proxy
  • exim, since 4.83, client side only, SMTP MTA
  • FreeRADIUS, since 3.0.24
  • gunicorn, since 0.15.0, python HTTP server
  • haproxy, since 1.5-dev3, reverse-proxy load-balancer
  • hitch since the first release, SSL offloader, fork of stud.
  • nginx, since 1.5.12 in HTTP server client side only, Web server, HTTP + Mail reverve-proxy
  • Percona DB Server, since 5.6.25-73.0, DataBase server
  • postfix, since 2.10, SMTP MTA
  • stud, since the first release, SSL offloader.
  • stunnel, since 4.45, SSL offloader
  • apache HTTPD, web server, use the module myfixip, for both apache 2.2 and 2.4
  • varnish, HTTP reverse-proxy cache, since version 4.1

Proxy-protocol ready appliances #

  • HAProxy ALOHA Load-Balancer

Not yet proxy-protocol ready #

But it would be good they do it:

  • apache ATS, HTTP proxy and reverse-proxy cache
  • squid, HTTP proxy and reverse-proxy cache
  • MySQL, Database server
Reactions
Share this Doc:
  • Facebook
  • Twitter
  • LinkedIn
  • Pinterest
Still stuck? How can we help?

How can we help?

Updated on December 11, 2021
How to Configure SRV Record CorrectlyWhat is TCP Protocol?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Table of Contents
  • Introduction
  • Proxy protocol documentation
  • Proxy-protocol ready software
  • Proxy-protocol ready appliances
  • Not yet proxy-protocol ready

join our newsletter

Get frequent news, updates and rewards !





We make the metaverse a better place.
Facebook-f Twitter Instagram Linkedin-in Youtube Github Twitch

Quick Menu

  • Locations
  • Pricing
  • Calculator
  • Affiliate
  • Merchandise
  • Blog
  • Documentation
Menu
  • Locations
  • Pricing
  • Calculator
  • Affiliate
  • Merchandise
  • Blog
  • Documentation
Copyright © Lectron, Inc. | All rights reserved
Trademarked with United States Patent and Trademark Office