This article describes how to configure NetScaler to send the proxy protocol header to backend servers.
Proxy protocol was designed to chain proxies and reverse proxies without losing the client information.
NetScaler can send a PROXY protocol header, which embeds the client information, to the backend servers or proxies. The proxy protocol header is sent at the start of the TCP payload.
In NetScaler, rewrite policies can be used to send the proxy protocol header for both the HTTP and TCP vserver types.
From NetScaler, navigate to AppExpert > Rewrite > Action.
add rewrite action insertproxy INSERT_BEFORE client.tcp.payload(1) '"PROXY TCP4 "+client.ip.src +" "+client.ip.dst +" "+client.tcp.srcport +" "+client.tcp.dstport +"\r\n"'
From NetScaler, navigate to AppExpert > Rewrite > Policies.
add rewrite policy rewritesmtp "CLIENT.TCP.DSTPORT.EQ(25)" insertproxy
From NetScaler, navigate to Traffic Management > Load Balancing > Virtual Server > Edit Virtual Server > Policies.
bind lb vserver smtpfrontend -policyName rewritesmtp -priority 15 -gotoPriorityExpression END -type REQUEST
If the vserver is of type HTTP, then the set of rewrite policies below should be used.
Below is one example of a proxy protocol header followed by an HTTP request:
PROXY TCP4 198.51.100.22 203.0.113.7 35646 80
GET / HTTP/1.1
Host: testdomain.com
add rewrite action proxy_ipv4 INSERT_BEFORE HTTP.REQ.FULL_HEADER '"PROXY TCP4 " + CLIENT.IP.SRC + " " + CLIENT.IP.DST + " " + CLIENT.TCP.SRCPORT + " " + CLIENT.TCP.DSTPORT + "\r\n"'
add rewrite policy rwp1 HTTP.REQ.IS_VALID proxy_ipv4
bind lb vserver vs1 -policyName rwp1 -priority 10 -gotoPriorityExpression NEXT -type REQUEST
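On the receiving side, the backend has to strip and validate this line before it reads the request, and should honour it only on connections that come from the NetScaler. The following Python parser for the TCP4 header built by the rewrite actions above is an added example, not Citrix code; the trusted source address 192.0.2.10 (standing in for the NetScaler SNIP) and the function names are assumptions.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header, CRLF included, allowed by the PROXY protocol spec
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}  # assumed NetScaler SNIP (constructed)

# Constructed input: the header and request shown in the article, as raw bytes.
SAMPLE = (b"PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\n"
          b"GET / HTTP/1.1\r\nHost: testdomain.com\r\n\r\n")


class ProxyHeaderError(ValueError):
    """Raised when the header is absent, malformed or from an untrusted peer."""


def _port(text):
    # Decimal digits only, no leading zeros, range 0-65535.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0") or int(text) > 65535:
        raise ProxyHeaderError("bad port: %r" % text)
    return int(text)


def parse_proxy_v1(peer_ip, data):
    """Return ((src_ip, src_port), (dst_ip, dst_port), remaining_payload)."""
    # Anyone who can reach the backend directly could forge this line, so it
    # is honoured only on connections coming from the load balancer itself.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        raise ProxyHeaderError("PROXY header offered by untrusted peer")
    # The CRLF must fall inside the first 107 bytes, which bounds the header size.
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ProxyHeaderError("missing or oversized PROXY v1 header")
    try:
        fields = data[:end].decode("ascii").split(" ")
        if len(fields) != 6 or fields[1] != "TCP4":
            raise ProxyHeaderError("expected: PROXY TCP4 src dst sport dport")
        src = ipaddress.IPv4Address(fields[2])
        dst = ipaddress.IPv4Address(fields[3])
    except (UnicodeDecodeError, ipaddress.AddressValueError) as exc:
        raise ProxyHeaderError("malformed PROXY v1 header") from exc
    return ((str(src), _port(fields[4])), (str(dst), _port(fields[5])),
            data[end + 2:])


if __name__ == "__main__":
    print(parse_proxy_v1("192.0.2.10", SAMPLE))
```

On ProxyHeaderError the connection should be closed instead of falling back to the socket peer address, which would be the NetScaler address and not the client.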