[squid-users] Working proxy_protocol_access settings on Squid 3.5 or 4?

Tom Karches twk at ncsu.edu
Mon Sep 23 20:14:42 UTC 2019

I am enabling proxy protocol on our FortiADC load balancer so that the
source IP of the proxy request can be logged. In the current configuration,
the address that is logged belongs to the NAT pool used by the load

I added these config settings to configure the proxy_protocol_access. The
fortiadc ACL is the IP range of the NAT pool :

acl fortiadc src
proxy_protocol_access allow fortiadc

proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off

I have updated my http_port line as such :
http_port 3128 require-proxy-header

I am now getting the error :
2019/09/23 16:03:15 kid1| PROXY protocol error: invalid header from local= remote= FD 12 flags=1

The suggestion was to move to Squid 4 as noted here :

This was back in Oct 2018. Has anything changed since then? Do I need to
upgrade to Squid 4? Currently running 3.5.20.


Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190923/2f89b32d/attachment.html>

More information about the squid-users mailing list