Search squid archive

Re: PROXY client not permited by ACLs...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/4/23 13:57, Service MV wrote:

I'm monitoring by SNMP my SQUID nodes using Zabbix 5.2 without problems. The monitoring is working fine. I clarify that in front of my proxies I have a HAproxy with proxy protocol enabled.


However in cache.log I have many messages like the following:
PROXY client not permitted by ACLs from local=10.10.8.53:3128 remote=10.10.8.66:54568 FD 888 flags=1


This is the relevant configuration:

# SNMP monitoring with Zabbix
acl zabbix snmp_community zabbix_public
acl zabbix_proxy src 10.10.8.66
snmp_port 3401
snmp_access allow zabbix zabbix_proxy
snmp_access allow zabbix localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
access_log none zabbix_proxy
access_log daemon:/var/log/squid/4.14/access.log

http_port 3128 require-proxy-header
forwarded_for transparent

acl vip_haproxy src 10.10.8.92
proxy_protocol_access allow vip_haproxy


Could someone tell me what configuration I could do to avoid these messages?


Bugs notwithstanding, something running on 10.10.8.66 is opening TCP connections to your Squid http_port 3128. That port is configured to require PROXY protocol connection prefixes. Your Squid is also configured to only accept such connections from vip_haproxy which does not match 10.10.8.66. Squid denies http_port connections from 10.10.8.66, and you see the above cache.log messages.

Does this give you enough information to fix the problem?

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux