[squid-users] PROXY client not permited by ACLs...

Service MV service.mv at gmail.com
Fri May 5 15:13:00 UTC 2023 

Thanks Alex, with this information I was able to solve the problem.

Best regards.

El jue, 4 de may de 2023, 17:31, Alex Rousskov <
rousskov at measurement-factory.com> escribió:

> On 5/4/23 13:57, Service MV wrote:
>
> > I'm monitoring by SNMP my SQUID nodes using Zabbix 5.2 without problems.
> > The monitoring is working fine. I clarify that in front of my proxies I
> > have a HAproxy with proxy protocol enabled.
>
>
> > However in cache.log I have many messages like the following:
> > PROXY client not permitted by ACLs from local=10.10.8.53:3128
> > remote=10.10.8.66:54568
> > FD 888 flags=1
>
>
> > This is the relevant configuration:
> >
> > # SNMP monitoring with Zabbix
> > acl zabbix snmp_community zabbix_public
> > acl zabbix_proxy src 10.10.8.66
> > snmp_port 3401
> > snmp_access allow zabbix zabbix_proxy
> > snmp_access allow zabbix localhost
> > snmp_access deny all
> > snmp_incoming_address 0.0.0.0
> > snmp_outgoing_address 0.0.0.0
> > access_log none zabbix_proxy
> > access_log daemon:/var/log/squid/4.14/access.log
> >
> > http_port 3128 require-proxy-header
> > forwarded_for transparent
> >
> > acl vip_haproxy src 10.10.8.92
> > proxy_protocol_access allow vip_haproxy
>
>
> > Could someone tell me what configuration I could do to avoid these
> messages?
>
>
> Bugs notwithstanding, something running on 10.10.8.66 is opening TCP
> connections to your Squid http_port 3128. That port is configured to
> require PROXY protocol connection prefixes. Your Squid is also
> configured to only accept such connections from vip_haproxy which does
> not match 10.10.8.66. Squid denies http_port connections from
> 10.10.8.66, and you see the above cache.log messages.
>
> Does this give you enough information to fix the problem?
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230505/caea2e16/attachment.htm>

More information about the squid-users mailing list