diff --git a/roles/haproxy/templates/http.cfg.j2 b/roles/haproxy/templates/http.cfg.j2
index 577e74a..7032bad 100644
--- a/roles/haproxy/templates/http.cfg.j2
+++ b/roles/haproxy/templates/http.cfg.j2
@@ -2,5 +2,7 @@ frontend http
         log             global
         bind            ${BIND_V4}:80
         bind            ${BIND_V6}:80
+	http-request	set-src src,ipmask(16,56)
+
         use_backend     %[req.hdr(host),lower,map(/usr/local/etc/haproxy/http.map)]
 
diff --git a/roles/haproxy/templates/sni.cfg.j2 b/roles/haproxy/templates/sni.cfg.j2
index 7ce4dc1..19afc23 100644
--- a/roles/haproxy/templates/sni.cfg.j2
+++ b/roles/haproxy/templates/sni.cfg.j2
@@ -3,6 +3,7 @@ frontend sni
 	mode		tcp
 	option		tcplog
 	tcp-request	inspect-delay 5s
+	tcp-request	connection set-src src,ipmask(16,56)
 	tcp-request	content accept if { req_ssl_hello_type 1 }
 
         bind            ${BIND_V4}:443