[squid-users] Logging PROXY Protocol header

Amos Jeffries squid3 at treenet.co.nz
Mon Jan 15 18:48:08 UTC 2018

On 16/01/18 05:26, Bruce R wrote:
> Is it possible to configure Squid to log the details of the PROXY 
> protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP 
> load balancer, which supports forwarding the PROXY protocol header. I'd 
> like to be able to include the client IP as provided in the PROXY 
> protocol header, but I'd be happy to log the entire header as well if 
> necessary. I've spent some time searching for information on this but 
> haven't had any luck so far.

When the PROXY protocol is received the details it supplies replace the 
TCP connection supplied values. That means everything in Squid dealing 
with client-IP or port displays or uses the PROXY values.

In squid.conf add the option "require-proxy-header" on the http_port you 
are receiving traffic from the LB. It is then important that you prevent 
traffic arriving from anywhere else than trusted sources. It is left to 
you to configure your firewall appropriately.

If you really want to see PROXY happening it is recorded in cache.log 
with "debug_options 33,5"


More information about the squid-users mailing list