Using PROXY protocols enables accurate traffic management, enhances security, and ensures compliance with regulatory requirements.
How PROXY protocol works
When you use a proxy, the proxy re-encapsulates incoming requests and then forwards the requests to the server. In this case, the server cannot obtain the original connection information, such as the client IP address and port.
After PROXY protocol is enabled, the acceleration server establishes a TCP connection to the origin server and sends the PROXY protocol header before the actual request data, so the client information is accurately preserved.
Differences between PROXY protocol v1 and v2
The two versions of the PROXY protocol differ mainly in format, security, flexibility, and suitable use cases.
PROXY protocol v1
ASCII text format.
Has a fixed format with limited extensibility and flexibility.
Supports TCP.
Lacks encryption or authentication, leaving data susceptible to tampering. Suited to environments where security is not the main consideration.
PROXY protocol v2
Binary format.
Supports variable lengths and various extensions, offering high flexibility.
Supports TCP and UDP.
Includes TLS handshakes for better security, which is ideal for environments where security is a priority.
Enable PROXY protocol v1 for TCP
For TCP applications using PROXY protocol v1, ESA adds a PROXY protocol v1 header to each inbound TCP connection.
In the ESA console, choose Websites and click the website name you want to manage.
In the left-side navigation pane, choose .
Click Create Application and configure the application parameters. Set the Protocol in the Proxy Rules area to TCP, and set Pass Client IP to PROXY Protocol v1.
Click OK.
PROXY protocol v1 header format
The PROXY protocol adds a plain text header to each connection, providing the client's IP address and port in the following format:
PROXY_STRING + single space + INET_PROTOCOL + single space + CLIENT_IP + single space + PROXY_IP + single space + CLIENT_PORT + single space + PROXY_PORT + "\r\n"
Example of a PROXY protocol v1 header for an IPv4 address:
PROXY TCP4 10.10.10.10 192.168.0.1 12345 80\r\n
Example of a PROXY protocol v1 header for an IPv6 address:
PROXY TCP6 2001:db8:: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 12345 443\r\n
The following table describes example values in the header:
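Example header value | Description |
PROXY | Protocol header. |
TCP4 | Transmission protocol (IPv4 example). |
TCP6 | Transmission protocol (IPv6 example). |
10.10.10.10 | Client originating IP address (IPv4 example). |
2001:db8:: | Client originating IP address (IPv6 example). |
192.168.0.1 | IP address of the destination server (IPv4 example). |
2001:db8:ffff:ffff:ffff:ffff:ffff:ffff | IP address of the destination server (IPv6 example). |
12345 | Client source port number. |
80 | Port number of the destination server (IPv4 example). |
443 | Port number of the destination server (IPv6 example). |
\r\n | End of the header. |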
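Because the v1 header is plain text with no authentication, the origin server should parse it strictly and accept it only on connections that arrive from the proxy. The following Python parser is an added example, not ESA code and not part of the original page. The 107-byte limit comes from the PROXY protocol specification; the function names, the `TRUSTED` range and the sample payload are assumptions made for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

def parse_proxy_v1(buf):
    """Return (fields, payload) for a v1 header at the start of buf, or raise ValueError."""
    end = buf.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("no CRLF within the first 107 bytes")
    try:
        parts = buf[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ValueError("header is not ASCII") from None
    # Only the TCP4/TCP6 forms shown on the page are accepted; anything else is rejected.
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("not a TCP4/TCP6 PROXY v1 header")
    want = 4 if parts[1] == "TCP4" else 6
    addrs = [ipaddress.ip_address(p) for p in parts[2:4]]  # ValueError if malformed
    if any(a.version != want for a in addrs):
        raise ValueError("address family does not match INET_PROTOCOL")
    ports = []
    for p in parts[4:6]:
        # Decimal digits only, no leading zeros, at most 65535.
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 65535:
            raise ValueError("bad port")
        ports.append(int(p))
    fields = {"client_ip": str(addrs[0]), "proxy_ip": str(addrs[1]),
              "client_port": ports[0], "proxy_port": ports[1]}
    return fields, buf[end + 2:]

def client_address(peer_ip, buf, trusted_proxies):
    """Use the header only when the TCP peer is a known proxy; otherwise reject."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_proxies):
        raise PermissionError("PROXY header from untrusted peer")
    return parse_proxy_v1(buf)

# Constructed sample data: the header lines are the page's examples,
# the proxy range (hypothetical) and the payload are made up.
TRUSTED = ["203.0.113.0/24"]
V4 = b"PROXY TCP4 10.10.10.10 192.168.0.1 12345 80\r\nGET / HTTP/1.1\r\n"
V6 = b"PROXY TCP6 2001:db8:: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 12345 443\r\n"

if __name__ == "__main__":
    print(client_address("203.0.113.7", V4, TRUSTED))
    print(parse_proxy_v1(V6)[0])
```

In a real deployment, replace `TRUSTED` with the source ranges from which the proxy connects to the origin, and close the connection on any exception instead of falling back to the TCP peer address.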
Enable PROXY protocol v2 for TCP
For TCP applications using PROXY protocol v2, ESA adds a PROXY protocol v2 header to each inbound TCP connection.
In the ESA console, choose Websites and click the website name you want to manage.
In the left-side navigation pane, choose .
Click Create Application and configure the application parameters. Set the Protocol in the Proxy Rules area to TCP, and set Pass Client IP to PROXY Protocol v2.
Click OK.
PROXY protocol v2 header format
The PROXY protocol adds a header to each connection to report the client's IP address and port.
PROXY protocol binary header format for an IPv4 address:
PROXY protocol binary header format for an IPv6 address: