Proxy Protocol

Instead of files waiting in a queue for a server to become available, a load balancers for EFT HA Active-Active configuration are used distribute traffic to available EFT servers. Adding a load balancer means that instead of EFT seeing the original client requests, it sees requests as though they had originated from the load balancer. In this case, EFT doesn't receive client information, such as IP address and port number, making it difficult to analyze traffic logs or other transfer details. Prior to EFT v8.0.5, when EFT is setup behind a load balancer, such as HAProxy or F5, when connections come in to EFT, the originating IP appears as that of proxy/LB, rather than origination client.

HAProxy developed a special "Proxy Protocol" to deal with this problem, which has since been adopted by load balancer manufacturers, proxies, and servers. Proxy Protocol provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies. It is designed to require little changes to existing components and to limit the performance impact caused by the processing of the transported information.

There is no "mixed mode"; if Proxy Protocol is enabled, Proxy Protocol headers are required for that Site. If they aren't, connections are aborted. Also, Proxy Protocol is not supported for EFT as a client (that is, outbound transfers using Event Rules).

To enable Proxy Protocol

1. In the administration interface, connect to EFT and click the Server tab.

2. On the Server tab, click the Site that you want to configure.

3. On the Site > Connections tab, select the Enable Proxy Protocol for all protocols enabled on the Site check box.

4. Click Apply to save changes.

5. Click the Proxy Protocol link to open https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt to read more.