Proxy Protocol is a networking standard that preserves the original client IP address and port information when traffic passes through one or more proxy layers. Without it, a destination server would only see the IP address of the last proxy in the chain.
When a connection passes through a load balancer or proxy that uses Proxy Protocol, it adds a small header at the start of the connection containing the original client IP address and port. The receiving server reads this header before processing the rest of the connection, allowing it to log or act on the true originating IP even though the network connection technically comes from the proxy. This differs from relying on HTTP headers like X-Forwarded-For, since Proxy Protocol works at a lower network level and can support non-HTTP traffic as well. Both ends of the connection need to support Proxy Protocol for it to work correctly, since a server expecting a Proxy Protocol header will misread the connection if the sender does not include one.
Most proxy users only need to understand this well enough to debug it, not configure it directly.
USER-country-de-session-task01The username carries the config: "country-de" picks the exit, "session-task01" holds it in place while Proxy Protocol does its work underneath. No separate API call or handshake -- the label is the setting.
Measure this metric without a proxy first, so you know what the gateway adds versus what was already there.
This concept governs the connection to the gateway and the gateway to the target -- check both when something looks wrong.
KnoxProxy manages this at the infrastructure layer, so most jobs only need to understand it well enough to debug.
A new ISP, VPN, or office network can change how this behaves -- confirm it again after any local network change.
A hosting company enables Proxy Protocol on its load balancers so backend servers can log the real visitor IP address instead of the IP address of the load balancer itself.
Proxy Protocol matters for anyone running infrastructure with multiple proxy or load balancer layers, since it keeps accurate IP information available for logging, security, and geolocation decisions. Without it, systems behind a proxy chain lose visibility into where traffic is actually coming from.
They serve a similar purpose but work at different levels. X-Forwarded-For is an HTTP header added within web traffic, while Proxy Protocol operates at the network connection level and can work with non-HTTP traffic too.
If the sender includes a Proxy Protocol header but the receiver does not expect one, the connection data gets misread and usually fails. Both the proxy and the backend server need matching Proxy Protocol configuration to work properly.
Ready to put this into practice? Read the Docs
Start a free trial and test with real targets -- no credit card, no sales call.