8f5de8af6a
This fixes several issues where services would see the internal IP of the proxy and not that of the client. It works by first unsetting any proxy-related headers that arrive from the internet, then setting those as seen by HAProxy's entrypoint frontend. And finally making sure that neither WAF when enabled nor other HAProxy backends touch these headers, while they are actually used by the final services. Services affected: Netcloud, Keycloak, Moodle |
||
|---|---|---|
| .. | ||
| rules | ||
| 000-default.conf | ||
| Dockerfile | ||
| crs-setup.conf | ||
| docker-entrypoint.sh | ||
| modsec_rules.conf | ||
| rules_apps.conf | ||