Hello Federico @grumvalski
I tried using the haproxy protocol before and found the Kamailio implementation is very restrictive.

For example:

  1. 100% CPU usage when a TCP connection is created and no data is sent (#2658).
  2. No ability to define a list of trusted sources, because right now any fraudulent host can send a crafted haproxy packet and break the ACL rules used on the Kamailio side. The relevant feature, set_real_ip_from, exists in nginx (Link). From my point of view it is a big security hole.

Could you also look into the limitations described above?

Just for info, here is an nginx config snippet with the haproxy feature:

 server {
    listen 0.0.0.0:3128 proxy_protocol;
    listen [::]:3128 proxy_protocol;
    set_real_ip_from 4.101.84.5/32;
    set_real_ip_from 4.101.84.133/32;
    set_real_ip_from 4.236.25.5/32;
    set_real_ip_from 4.236.25.133/32;
    real_ip_header proxy_protocol;
...
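
The trusted-source check asked for in point 2, sketched as an added example that is not part of the original message and is not Kamailio or nginx code: a PROXY protocol v1 header is parsed from every connection, but its claimed source address replaces the socket address only when the TCP peer is on an allow-list, in the spirit of set_real_ip_from. The networks, function names and sample bytes are constructed for illustration.

```python
import ipaddress

# Constructed allow-list of load balancers permitted to speak PROXY protocol
# (documentation ranges, not addresses from the original message).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8::/64")]

def is_trusted(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def parse_proxy_v1(data):
    """Parse a PROXY v1 line; return (src_ip, src_port, bytes_consumed)."""
    end = data.find(b"\r\n", 0, 107)  # a v1 header is at most 107 bytes with CRLF
    if not data.startswith(b"PROXY ") or end < 0:
        raise ValueError("missing or oversized PROXY v1 header")
    parts = data[:end].decode("ascii").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, end + 2

def effective_source(peer_ip, peer_port, first_bytes):
    """Return the (ip, port, payload) that ACL decisions should be based on."""
    claimed_ip, claimed_port, used = parse_proxy_v1(first_bytes)
    payload = first_bytes[used:]
    if is_trusted(peer_ip):
        return claimed_ip, claimed_port, payload
    # Untrusted sender: strip the header but keep the real socket address,
    # so a crafted header cannot change what the ACL sees.
    return peer_ip, peer_port, payload

# Constructed first bytes of a connection: PROXY v1 header followed by SIP data.
SAMPLE = b"PROXY TCP4 203.0.113.7 198.51.100.1 40000 5060\r\nOPTIONS sip:a@b SIP/2.0\r\n"

if __name__ == "__main__":
    print(effective_source("192.0.2.10", 55000, SAMPLE)[:2])     # trusted proxy
    print(effective_source("198.51.100.99", 55000, SAMPLE)[:2])  # untrusted host
```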

