On 5/4/23 13:57, Service MV wrote:
I'm monitoring by SNMP my SQUID nodes using Zabbix 5.2 without problems.
The monitoring is working fine. I clarify that in front of my proxies I
have a HAproxy with proxy protocol enabled.
However in cache.log I have many messages like the following:
PROXY client not permitted by ACLs from local=10.10.8.53:3128
remote=10.10.8.66:54568
FD 888 flags=1
This is the relevant configuration:
# SNMP monitoring with Zabbix
acl zabbix snmp_community zabbix_public
acl zabbix_proxy src 10.10.8.66
snmp_port 3401
snmp_access allow zabbix zabbix_proxy
snmp_access allow zabbix localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
access_log none zabbix_proxy
access_log daemon:/var/log/squid/4.14/access.log
http_port 3128 require-proxy-header
forwarded_for transparent
acl vip_haproxy src 10.10.8.92
proxy_protocol_access allow vip_haproxy
Could someone tell me what configuration I could do to avoid these messages?
Bugs notwithstanding, something running on 10.10.8.66 is opening TCP
connections to your Squid http_port 3128. That port is configured to
require PROXY protocol connection prefixes. Your Squid is also
configured to only accept such connections from vip_haproxy which does
not match 10.10.8.66. Squid denies http_port connections from
10.10.8.66, and you see the above cache.log messages.
Does this give you enough information to fix the problem?
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
