#901 Support PROXY protocol for usage with HaProxy

Reporter Thomas L.
Owner Nobody
Stars ★★★ (5)  
  • Status-New
  • Type-Enhancement
  • Priority-Medium
  1. Thomas L. on

    If you have Prosody running behind a NAT or TCP proxy for high availability or load balancing, Prosody can't see the real IP addresses of connecting clients and servers. Therefore Prosody can't block IP-addresses: Brute force attacks cannot be handled, and registration attempts cannot be limited. Fortunately there is a solution to it: HAProxy implements the PROXY protocol, which transmits a client's IP address to the application endpoint, e.g. a mail server or another application server. Prosody does not support the PROXY protocol yet. Let's implement that! :-)

  2. Thomas L. on

    More information on the PROXY protocol: https://www.haproxy.com/blog/haproxy/proxy-protocol/

  3. MattJ on

    Coincidentally I was looking at this a few days ago. It could certainly be implemented in a plugin :)

  4. Thomas L. on

    Just wanted to add a bounty to this issue on Bountysource, but Bountysource seems to support GitHub only :-( https://www.bountysource.com/issues/44710850-901-support-proxy-protocol-for-usage-with-haproxy-open-prosody-im-issue-tracker Unfortunately I can't develop such a module myself or contribute to the code, as I'm not a Lua expert. Are you interested in developing a module for PROXY support, MattJ? :-) Or is there any chance to get someone else motivated regarding this topic?

New comment