<div dir="ltr">Thank you, Amos. Taking into account your and Rafael's recommendations, I configured HAProxy and Squid to use the PROXY protocol instead of reformatting the messages.<br>At the moment I disabled authentication, due to internal requirements.<br>I had a hard time dealing with the HAProxy health checks, but I was able to fix it.<br>However, by configuring Squid in this way, I had a last problem that I didn't expect:<br>Squid reports the client's IP to my internet gateway instead of their own IP.<br>It's true, I want to see my clients' IPs in Squid's log; but I want Squid's IP to reach my gateway and not my clients'. This way I can make my clients browse internet only through my proxies.<br><br>I'm really not sure if continuing with this configuration I'm doing will be possible to achieve it.<br>I appreciate in advance any indication you can give me.<br><br><div><br></div><div>haproxy.cfg</div><div>
<div style="color:rgb(212,212,212);background-color:rgb(30,30,30);font-family:Consolas,"Courier New",monospace;font-weight:normal;font-size:14px;line-height:19px;white-space:pre"><div><span style="color:rgb(212,212,212)">global</span></div><div><span style="color:rgb(212,212,212)"> log </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">dev</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">log local</span><span style="color:rgb(156,220,254)">0</span></div><div><span style="color:rgb(212,212,212)"> log </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">dev</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">log local</span><span style="color:rgb(156,220,254)">1</span><span style="color:rgb(212,212,212)"> notice</span></div><div><span style="color:rgb(212,212,212)"> chroot </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">var</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">lib</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">haproxy</span></div><div><span style="color:rgb(212,212,212)"> stats socket </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">run</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">haproxy</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">admin</span><span style="color:rgb(86,156,214)">.</span><span style="color:rgb(212,212,212)">sock mode </span><span style="color:rgb(156,220,254)">660</span><span style="color:rgb(212,212,212)"> level admin expose</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">fd listeners</span></div><div><span style="color:rgb(212,212,212)"> stats timeout </span><span style="color:rgb(156,220,254)">30</span><span style="color:rgb(212,212,212)">s</span></div><div><span style="color:rgb(212,212,212)"> user haproxy</span></div><div><span style="color:rgb(212,212,212)"> group haproxy</span></div><div><span style="color:rgb(212,212,212)"> daemon</span></div><div><span style="color:rgb(212,212,212)"> maxconn </span><span style="color:rgb(156,220,254)">4000</span></div><div><span style="color:rgb(212,212,212)"> ca</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">base </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">etc</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">ssl</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">certs</span></div><div><span style="color:rgb(212,212,212)"> crt</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">base </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">etc</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">ssl</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">private</span></div><div><span style="color:rgb(212,212,212)"> ssl</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">default</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">bind</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">ciphers ECDH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AESGCM</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">DH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AESGCM</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">ECDH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AES</span><span style="color:rgb(156,220,254)">256</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">DH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AES</span><span style="color:rgb(156,220,254)">256</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">ECDH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AES</span><span style="color:rgb(156,220,254)">128</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">DH</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AES</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">RSA</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AESGCM</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)">RSA</span><span style="color:rgb(86,156,214)">+</span><span style="color:rgb(212,212,212)">AES</span><span style="color:rgb(86,156,214)">:!</span><span style="color:rgb(212,212,212)">aNULL</span><span style="color:rgb(86,156,214)">:!</span><span style="color:rgb(212,212,212)">MD</span><span style="color:rgb(156,220,254)">5</span><span style="color:rgb(86,156,214)">:!</span><span style="color:rgb(212,212,212)">DSS</span></div><div><span style="color:rgb(212,212,212)"> ssl</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">default</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">bind</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">options no</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">sslv</span><span style="color:rgb(156,220,254)">3</span></div><br><div><span style="color:rgb(212,212,212)">defaults</span></div><div><span style="color:rgb(212,212,212)"> log global</span></div><div><span style="color:rgb(212,212,212)"> mode tcp</span></div><div><span style="color:rgb(212,212,212)"> option tcplog</span></div><div><span style="color:rgb(212,212,212)"> option dontlognull</span></div><div><span style="color:rgb(212,212,212)"> timeout connect </span><span style="color:rgb(156,220,254)">5000</span></div><div><span style="color:rgb(212,212,212)"> timeout client </span><span style="color:rgb(156,220,254)">50000</span></div><div><span style="color:rgb(212,212,212)"> timeout server </span><span style="color:rgb(156,220,254)">50000</span></div><br><div><span style="color:rgb(212,212,212)">frontend squid</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">in</span></div><div><span style="color:rgb(212,212,212)"> bind </span><span style="color:rgb(86,156,214)">*:</span><span style="color:rgb(156,220,254)">3128</span></div><div><span style="color:rgb(212,212,212)"> default</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">backend squid</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pool</span></div><br><div><span style="color:rgb(212,212,212)">backend squid</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pool</span></div><div><span style="color:rgb(212,212,212)"> balance source</span></div><div><span style="color:rgb(212,212,212)"> mode tcp</span></div><div><span style="color:rgb(212,212,212)"> server px1 x.x.x.1</span><span style="color:rgb(156,220,254)"></span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(156,220,254)">3128</span><span style="color:rgb(212,212,212)"> check port </span><span style="color:rgb(156,220,254)">8181</span><span style="color:rgb(212,212,212)"> send</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">proxy inter </span><span style="color:rgb(156,220,254)">2000</span><span style="color:rgb(212,212,212)"> rise </span><span style="color:rgb(156,220,254)">2</span><span style="color:rgb(212,212,212)"> fall </span><span style="color:rgb(156,220,254)">3</span>
</div><div><span style="color:rgb(212,212,212)"> server px2 x.x.x.2</span><span style="color:rgb(156,220,254)"></span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(156,220,254)">3128</span><span style="color:rgb(212,212,212)"> check port </span><span style="color:rgb(156,220,254)">8181</span><span style="color:rgb(212,212,212)"> send</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">proxy inter </span><span style="color:rgb(156,220,254)">2000</span><span style="color:rgb(212,212,212)"> rise </span><span style="color:rgb(156,220,254)">2</span><span style="color:rgb(212,212,212)"> fall </span><span style="color:rgb(156,220,254)">3</span></div>
</div>
</div><div><br></div><div><br></div><div>squid.conf</div><div>
<div style="color:rgb(212,212,212);background-color:rgb(30,30,30);font-family:Consolas,"Courier New",monospace;font-weight:normal;font-size:14px;line-height:19px;white-space:pre"><div><span style="color:rgb(212,212,212)">acl localnet src 192.168.12.1-192.168.13.254</span><span style="color:rgb(156,220,254)"></span><span style="color:rgb(212,212,212)"> # my clients IP's</span><span style="color:rgb(106,153,85)"></span></div><div><span style="color:rgb(212,212,212)">acl localnet src </span><span style="color:rgb(156,220,254)">192.168.11.80</span><span style="color:rgb(156,220,254)"></span><span style="color:rgb(212,212,212)"> # haproxy IP</span></div><div><span style="color:rgb(106,153,85)"></span></div><br><div><span style="color:rgb(212,212,212)">acl SSL</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">443</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">80</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># http</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">21</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># ftp</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">443</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># https</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">70</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># gopher</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">210</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># wais</span></div><div><span style="color:rgb(106,153,85)">#acl Safe_ports port 1025-65535 # unregistered ports</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">280</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># http-mgmt</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">488</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># gss-http</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">591</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># filemaker</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">777</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># multiling http</span></div><div><span style="color:rgb(212,212,212)">acl Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports port </span><span style="color:rgb(156,220,254)">8181</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(106,153,85)"># haproxy health checks port</span></div><div><span style="color:rgb(212,212,212)">acl CONNECT method CONNECT</span></div><br><div><span style="color:rgb(106,153,85)"># list of allowed domains</span></div><div><span style="color:rgb(212,212,212)">acl LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">whitedomains dstdomain </span><span style="color:rgb(206,145,120)">"/etc/squid/acl/whitedomains.txt"</span></div><br><div><span style="color:rgb(106,153,85)"># list of bloqued domains</span></div><div><span style="color:rgb(212,212,212)">acl LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">blackdomains dstdomain </span><span style="color:rgb(206,145,120)">"/etc/squid/acl/blackdomains.txt"</span></div><div><span style="color:rgb(212,212,212)">acl LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">malicius dstdomain </span><span style="color:rgb(206,145,120)">"/etc/squid/acl/malicius.txt"</span></div><div><span style="color:rgb(212,212,212)">acl LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">porn dstdomain </span><span style="color:rgb(206,145,120)">"/etc/squid/acl/porn.txt"</span></div><br><div><span style="color:rgb(106,153,85)"># Deny requests to certain unsafe ports</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny </span><span style="color:rgb(86,156,214)">!</span><span style="color:rgb(212,212,212)">Safe</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports</span></div><br><div><span style="color:rgb(106,153,85)"># Deny CONNECT to other than secure SSL ports</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny CONNECT </span><span style="color:rgb(86,156,214)">!</span><span style="color:rgb(212,212,212)">SSL</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">ports</span></div><br><div><span style="color:rgb(106,153,85)"># Only allow cachemgr access from localhost</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access allow localhost manager</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny manager</span></div><br><div><span style="color:rgb(106,153,85)"># We strongly recommend the following be uncommented to protect innocent web applications running on the proxy server who think the only one who can access services on "localhost" is a local user</span></div><div><span style="color:rgb(106,153,85)">#http_access deny to_localhost</span></div><div><span style="color:rgb(106,153,85)">#</span></div><div><span style="color:rgb(106,153,85)"># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS</span></div><div><span style="color:rgb(106,153,85)">#</span></div><div><span style="color:rgb(106,153,85)"># implementation of access list policies </span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">blackdomains</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access allow LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">whitedomains</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">malicius</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny LS</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">porn</span></div><br><div><span style="color:rgb(106,153,85)"># limit downloads to 10 Mb/s to the localnet network</span></div><div><span style="color:rgb(212,212,212)">delay</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pools </span><span style="color:rgb(156,220,254)">1</span></div><div><span style="color:rgb(212,212,212)">delay</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">class </span><span style="color:rgb(156,220,254)">1</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">2</span></div><div><span style="color:rgb(212,212,212)">delay</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">parameters </span><span style="color:rgb(156,220,254)">1</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">1310720</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(156,220,254)">1966080</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">917504</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(156,220,254)">1310720</span></div><div><span style="color:rgb(212,212,212)">delay</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access </span><span style="color:rgb(156,220,254)">1</span><span style="color:rgb(212,212,212)"> allow localnet</span></div><br><div><span style="color:rgb(106,153,85)"># implementation of core access policies</span></div><div><span style="color:rgb(212,212,212)">proxy</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">protocol</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access allow localnet</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access allow localnet</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access allow localhost</span></div><br><div><span style="color:rgb(106,153,85)"># And finally deny all other access to this proxy</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">access deny all</span></div><br><div><span style="color:rgb(106,153,85)"># Squid normally listens to port 3128</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">port </span><span style="color:rgb(156,220,254)">3128</span><span style="color:rgb(212,212,212)"> require</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">proxy</span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">header</span></div><br><div><span style="color:rgb(106,153,85)"># port used only for haproxy health checks</span></div><div><span style="color:rgb(212,212,212)">http</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">port </span><span style="color:rgb(156,220,254)">8181</span></div><br><div><span style="color:rgb(106,153,85)"># Leave coredumps in the first cache dir</span></div><div><span style="color:rgb(212,212,212)">coredump</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">dir </span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">var</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">spool</span><span style="color:rgb(86,156,214)">/</span><span style="color:rgb(212,212,212)">squid</span></div><br><div><span style="color:rgb(106,153,85)"># Add any of your own refresh_pattern entries above these.</span></div><div><span style="color:rgb(212,212,212)">refresh</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pattern </span><span style="color:rgb(86,156,214)">^</span><span style="color:rgb(212,212,212)">ftp</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">1440</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">20</span><span style="color:rgb(86,156,214)">%</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">10080</span></div><div><span style="color:rgb(212,212,212)">refresh</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pattern </span><span style="color:rgb(86,156,214)">^</span><span style="color:rgb(212,212,212)">gopher</span><span style="color:rgb(86,156,214)">:</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">1440</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(86,156,214)">%</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">1440</span></div><div><span style="color:rgb(212,212,212)">refresh</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pattern </span><span style="color:rgb(86,156,214)">-</span><span style="color:rgb(212,212,212)">i (/cgi-bin/|\?) </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(86,156,214)">%</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">0</span></div><div><span style="color:rgb(212,212,212)">refresh</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">pattern </span><span style="color:rgb(86,156,214)">.</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">20</span><span style="color:rgb(86,156,214)">%</span><span style="color:rgb(212,212,212)"> </span><span style="color:rgb(156,220,254)">4320</span></div><br><div><span style="color:rgb(106,153,85)"># squid customization settings</span></div><div><span style="color:rgb(212,212,212)">quick</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">abort</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">min </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(212,212,212)"> KB </span></div><div><span style="color:rgb(212,212,212)">quick</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">abort</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">max </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(212,212,212)"> KB </span></div><div><span style="color:rgb(212,212,212)">read</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">timeout </span><span style="color:rgb(156,220,254)">5</span><span style="color:rgb(212,212,212)"> minutes </span></div><div><span style="color:rgb(212,212,212)">request</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">timeout </span><span style="color:rgb(156,220,254)">3</span><span style="color:rgb(212,212,212)"> minutes </span></div><div><span style="color:rgb(212,212,212)">shutdown</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">lifetime </span><span style="color:rgb(156,220,254)">0</span><span style="color:rgb(212,212,212)"> seconds </span></div><div><span style="color:rgb(212,212,212)">ipcache</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">size </span><span style="color:rgb(156,220,254)">2048</span><span style="color:rgb(212,212,212)"> </span></div><div><span style="color:rgb(212,212,212)">fqdncache</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">size </span><span style="color:rgb(156,220,254)">4096</span><span style="color:rgb(212,212,212)"> </span></div><div><span style="color:rgb(212,212,212)">cache</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">mgr <a href="mailto:me@tsa.net">me@tsa.net</a></span><span style="color:rgb(212,212,212)"> </span></div><div><span style="color:rgb(212,212,212)">visible</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">hostname px1</span></div><div><span style="color:rgb(212,212,212)">httpd</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">suppress</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">version</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">string on </span></div><div><span style="color:rgb(212,212,212)">forwarded</span><span style="color:rgb(86,156,214)">_</span><span style="color:rgb(212,212,212)">for off</span></div><br></div>
</div><div><br></div><div>Best regards</div><div>Gabriel<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El vie., 9 de ago. de 2019 a la(s) 03:45, Amos Jeffries (<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 9/08/19 1:44 am, neok wrote:<br>
> Hi, I finally did the configuration differently. It's working very well for<br>
> me.<br>
> <br>
<br>
What you are doing is polluting every HTTP message with two new headers.<br>
<br>
The way Rafael suggested is more efficient since the PROXY protocol<br>
details are only delivered at the start of each TCP connection, and HTTP<br>
messages do not need to be reformatted at the LB as they pass.<br>
<br>
Note that Squid will be extending that XFF header itself anyway. But<br>
with your way the LB IP address will be broadcast to the origin(s) in<br>
the XFF header along with the client address. With PROXY protocol Squid<br>
adds only the client address there.<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>