> Is there a way to enable Pound's ip address as trusted instead of
> enabling "always_trusted". Or is there any other parameter I can set
> so that Perlbal can pass on Pound's X-Forward-For header to the
Look for the 'blind_proxy' (I think it is) setting.
> The configuration we use is:
> SET trusted_upstream_proxies = 10.0.0.0/8
> Afaik you can only list one upstream network though.
I changed that a few months ago, so in the next release that limitation will be gone.
> In this case you could whitelist the IP(s) of the pound server so that its XFF header is trusted, and any other traffic is treated as coming directly from the outside.
The TrustHeader plugin handles the task a little more generically. You can tell it any header name and it'll pass it through if the IP is in the trusted range or remove it if it's not.
> In order to use Perlbal::Plugin::TrustHeader, I have to change role
> from reverse_proxy to web_server. As we use perlbal for load
> balancing, I would not be able to use this plugin.
TrustHeader works fine with reverse_proxy.