diff --git a/jobs/haproxy/templates/haproxy.config.erb b/jobs/haproxy/templates/haproxy.config.erb
index 6728bb56..0e52caad 100644
--- a/jobs/haproxy/templates/haproxy.config.erb
+++ b/jobs/haproxy/templates/haproxy.config.erb
@@ -1040,8 +1040,20 @@ listen health_check_http_tcp-<%= tcp_proxy["name"] %>
     bind :<%= tcp_proxy["health_check_http"] %>
     mode http
     monitor-uri /health
+    <%- if p("ha_proxy.accept_proxy") && !p("ha_proxy.disable_health_check_proxy") -%>
+    tcp-request connection expect-proxy layer4 unless LOCALHOST
+    <%- end -%>
+    acl tcp-<%= tcp_proxy["name"] %>-routers_down nbsrv(tcp-<%= tcp_proxy["name"] %>) eq 0
+    monitor fail if tcp-<%= tcp_proxy["name"] %>-routers_down
+
+    <%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 -%>
+listen health_check_http_tcp-<%= tcp_proxy["name"] %>_proxy_protocol
+    bind :<%= tcp_proxy["health_check_http"] + 1 %> accept-proxy
+    mode http
+    monitor-uri /health
     acl tcp-<%= tcp_proxy["name"] %>-routers_down nbsrv(tcp-<%= tcp_proxy["name"] %>) eq 0
     monitor fail if tcp-<%= tcp_proxy["name"] %>-routers_down
+    <%- end -%>
   <%- end -%>
 <% end -%>
 
diff --git a/spec/haproxy/templates/haproxy_config/frontend_tcp_spec.rb b/spec/haproxy/templates/haproxy_config/frontend_tcp_spec.rb
index 4078655e..79ee43aa 100644
--- a/spec/haproxy/templates/haproxy_config/frontend_tcp_spec.rb
+++ b/spec/haproxy/templates/haproxy_config/frontend_tcp_spec.rb
@@ -85,7 +85,8 @@
           'name' => 'redis',
           'port' => 6379,
           'backend_servers' => ['10.0.0.1', '10.0.0.2'],
-          'ssl' => true
+          'ssl' => true,
+          'health_check_http' => 9095
         }, {
           'name' => 'mysql',
           'port' => 3306,
@@ -135,6 +136,10 @@
         expect(frontend_tcp_mysql).to include('bind :3306')
         expect(frontend_tcp_mysql).to include('tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }')
       end
+
+      fit 'adds a _proxy_protocol health check' do
+        expect(haproxy_conf['listen health_check_http_tcp-redis_proxy_protocol']).to include('bind :9096 accept-proxy')
+      end
     end
   end
 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index e50f4dcb..16b6de39 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -59,6 +59,7 @@ def ttar_entry(ttar, path)
 # }
 def parse_haproxy_config(config) # rubocop:disable Metrics/AbcSize
   # remove comments and empty lines
+  # puts config
   config = config.split("\n").reject { |l| l.empty? || l =~ /^\s*#.*$/ }.join("\n")
 
   # split into top-level groups