[squid-users] Working proxy_protocol_access settings on Squid 3.5 or 4?

Tom Karches twk at ncsu.edu
Mon Sep 23 20:14:42 UTC 2019


I am enabling proxy protocol on our FortiADC load balancer so that the
source IP of the proxy request can be logged. In the current configuration,
the address that is logged belongs to the NAT pool used by the load
balancer.

I added these config settings to configure proxy_protocol_access. The
fortiadc ACL is the IP range of the NAT pool:

acl fortiadc src 10.50.54.0/24
proxy_protocol_access allow fortiadc

proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off

I have updated my http_port line as follows:
http_port 3128 require-proxy-header

I am now getting the error:
2019/09/23 16:03:15 kid1| PROXY protocol error: invalid header from local=152.7.114.135:3128 remote=10.50.54.65:5028 FD 12 flags=1

The suggestion was to move to Squid 4 as noted here:
http://squid-web-proxy-cache.1019090.n4.nabble.com/error-in-parsing-Proxy-protocol-version-2-by-Squid-proxy-protocol-td4686763.html

This was back in Oct 2018. Has anything changed since then? Do I need to
upgrade to Squid 4? Currently running 3.5.20.

Thanks,
Tom

-- 
Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508
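
One way to see which PROXY protocol header version a load balancer actually sends, which is what the "invalid header" error and the linked version 2 parsing thread turn on. This is an added example, not part of the original post and not Squid's code: it decodes the first bytes of a connection according to the public PROXY protocol specification, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 prefix
# Constructed sample inputs (documentation addresses, not taken from the post).
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 51000 3128\r\nGET http://example.com/ HTTP/1.1\r\n"
SAMPLE_V2 = (V2_SIGNATURE + b"\x21\x11\x00\x0c" + bytes([192, 0, 2, 10, 198, 51, 100, 5])
             + struct.pack("!HH", 51000, 3128))

def parse_proxy_header(data: bytes) -> dict:
    """Classify and decode a PROXY protocol header at the start of `data`."""
    if data.startswith(V2_SIGNATURE):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("no PROXY header, connection starts with %r" % data[:12])

def _parse_v1(data: bytes) -> dict:
    end = data.find(b"\r\n")
    if end == -1 or end > 105:  # a v1 line is at most 107 bytes including CRLF
        raise ValueError("v1 header not terminated by CRLF within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":  # sender could not determine the addresses
        return {"version": 1, "proto": "UNKNOWN", "consumed": end + 2}
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header: %r" % data[:end])
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    return {"version": 1, "proto": fields[1], "src": (str(src), int(fields[4])),
            "dst": (str(dst), int(fields[5])), "consumed": end + 2}

def _parse_v2(data: bytes) -> dict:
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F not in (0, 1):
        raise ValueError("bad v2 version/command byte 0x%02x" % ver_cmd)
    if len(data) < 16 + length:
        raise ValueError("truncated v2 address block")
    info = {"version": 2, "command": ("LOCAL", "PROXY")[ver_cmd & 0x0F],
            "consumed": 16 + length}  # bytes to skip before the HTTP request
    a = {0x11: 4, 0x21: 16}.get(fam_proto)  # TCP over IPv4 / TCP over IPv6
    if info["command"] == "PROXY" and a:
        if length < 2 * a + 4:
            raise ValueError("v2 length too short for address family")
        src = ipaddress.ip_address(data[16:16 + a])
        dst = ipaddress.ip_address(data[16 + a:16 + 2 * a])
        sport, dport = struct.unpack("!HH", data[16 + 2 * a:20 + 2 * a])
        info.update(src=(str(src), sport), dst=(str(dst), dport))
    return info
```

Feeding it the first bytes of a connection captured on the proxy's listening port shows whether the balancer sends a v1 text line, a v2 binary header, or no header at all.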