Documentation

Introduction

The Maverick Synergy Server supports the PROXY protocol V1 for updating client IP addresses when the server is deployed behind a supporting load balancer. When enabled, the load balancer can send the PROXY directive to provide the server with the current connections’ external IP address. This ensures that features that rely on the user’s IP address function correctly in a load-balanced environment.

Configuration

As of version 3.0.8, the protocol is disabled by default. If you are using 3.0.7, you should upgrade as it could potentially lead to a user spoofing their IP address.

To enable support, you should first configure your SshContext

sshContext.getPolicy(LoadBalancer.class).setProxyProtocolEnabled(true);Code language: CSS (css)

This will enable restricted support; it is not enough to use this alone. You should also supply the IP addresses of servers that may submit the proxy protocol directive.

sshContext.getPolicy(LoadBalancer.class).allowIPAddress("192.168.2.9");Code language: CSS (css)

If your server is sufficiently protected and only supports connections from your load balancers, you can disable the IP restriction using the code instead.

sshContext.getPolicy(LoadBalancer.class).setRestrictedAccess(false);Code language: CSS (css)