Search squid archive

Working proxy_protocol_access settings on Squid 3.5 or 4?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am enabling proxy protocol on our FortiADC load balancer so that the source IP of the proxy request can be logged. In the current configuration, the address that is logged belongs to the NAT pool used by the load balancer.

I added these config settings to configure the proxy_protocol_access. The fortiadc ACL is the IP range of the NAT pool :

acl fortiadc src 10.50.54.0/24
proxy_protocol_access allow fortiadc

proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off

I have updated my http_port line as such :
http_port 3128 require-proxy-header 

I am now getting the error :
2019/09/23 16:03:15 kid1| PROXY protocol error: invalid header from local=152.7.114.135:3128 remote=10.50.54.65:5028 FD 12 flags=1

The suggestion was to move to Squid 4 as noted here :
http://squid-web-proxy-cache.1019090.n4.nabble.com/error-in-parsing-Proxy-protocol-version-2-by-Squid-proxy-protocol-td4686763.html

This was back in Oct 2018. Has anything changed since then? Do I need to upgrade to Squid 4? Currently running 3.5.20.

Thanks,
Tom

--
Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux