I am enabling proxy protocol on our FortiADC load balancer so that the source IP of the proxy request can be logged. In the current configuration, the address that is logged belongs to the NAT pool used by the load balancer.
proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off
I added these config settings to configure the proxy_protocol_access. The fortiadc ACL is the IP range of the NAT pool:
acl fortiadc src 10.50.54.0/24
proxy_protocol_access allow fortiadc
proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off
I have updated my http_port line as such:
http_port 3128 require-proxy-header
I am now getting the error:
2019/09/23 16:03:15 kid1| PROXY protocol error: invalid header from local=152.7.114.135:3128 remote=10.50.54.65:5028 FD 12 flags=1
The suggestion was to move to Squid 4 as noted here:
This was back in Oct 2018. Has anything changed since then? Do I need to upgrade to Squid 4? Currently running 3.5.20.
Thanks,
Tom
--
Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508
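An added example, not part of the original post and not Squid's own code: a Python parser that classifies the first bytes of a connection as PROXY protocol v1, v2, or no header at all, which is one way to check what a load balancer actually sends ahead of the HTTP request when the proxy reports an invalid header. The function name and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def parse_proxy_header(data: bytes) -> dict:
    """Classify the first bytes of a connection: PROXY v1, v2, or no header."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
            raise ValueError("bad v2 version/command byte")
        body = data[16:16 + length]
        if len(body) < length:
            raise ValueError("truncated v2 address block")
        out = {"version": 2, "consumed": 16 + length}
        if ver_cmd & 0x0F == 1 and fam_proto == 0x11:  # PROXY command, TCP over IPv4
            if length < 12:
                raise ValueError("v2 IPv4 block too short")
            src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
            out["src"] = f"{ipaddress.IPv4Address(src)}:{sport}"
            out["dst"] = f"{ipaddress.IPv4Address(dst)}:{dport}"
        return out
    if data.startswith(b"PROXY "):
        end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
        if end < 0:
            raise ValueError("v1 line not terminated within 107 bytes")
        fields = data[:end].decode("ascii").split(" ")
        out = {"version": 1, "consumed": end + 2}
        if fields[1] in ("TCP4", "TCP6"):
            if len(fields) != 6:
                raise ValueError("v1 line needs 6 fields")
            src, dst, sport, dport = fields[2:]
            ipaddress.ip_address(src), ipaddress.ip_address(dst)  # raises on bad address
            out["src"], out["dst"] = f"{src}:{int(sport)}", f"{dst}:{int(dport)}"
        return out
    return {"version": None, "consumed": 0}  # e.g. a bare HTTP request, no header sent

# Constructed samples (documentation addresses), not captured traffic.
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 5028 3128\r\nGET http://example.com/ HTTP/1.1\r\n"
SAMPLE_V2 = (V2_SIG + struct.pack("!BBH", 0x21, 0x11, 12)
             + ipaddress.IPv4Address("192.0.2.10").packed
             + ipaddress.IPv4Address("198.51.100.5").packed
             + struct.pack("!HH", 5028, 3128) + b"GET http://example.com/ HTTP/1.1\r\n")
SAMPLE_NONE = b"GET http://example.com/ HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, raw in [("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("none", SAMPLE_NONE)]:
        print(name, parse_proxy_header(raw))
```
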