[squid-dev] Basic tests results for the proxy protocol with squid.
Eliezer Croitoru
eliezer at ngtech.co.il
Fri Mar 13 08:07:58 UTC 2015
I started testing squid 3.5.2 with the proxy protocol and I have setup a
basic haproxy settings for it.
http://ngtech.co.il/paste/1287/
copy of the logs at:
http://www1.ngtech.co.il/paste/1288/
While testing I started first haproxy with regular squid forward proxy
and then moved to a proxy protocol supported forward proxy setup.
While with forward proxy the acls seems to work fine with the proxy
protocol I am encountering couple weird things:
1426233543.491 28 192.168.10.131 TCP_MISS/404 611 GET
http://ngtech.co.il/favico.ico - HIER_DIRECT/84.95.212.160 text/html
1426233562.110 29091 192.168.10.131 TCP_TUNNEL/200 3374 CONNECT
tiles.services.mozilla.com:443 - HIER_DIRECT/54.149.185.208 -
1426233562.119 1 192.168.10.151 TCP_MISS/403 4324 GET
http://ngtech.co.il/favicon.ico - HIER_NONE/- text/html
1426233562.122 5 192.168.10.131 TCP_MISS/403 4461 GET
http://ngtech.co.il/favicon.ico - ORIGINAL_DST/192.168.10.151 text/html
1426233562.259 1 192.168.10.151 TCP_MISS/403 4382 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1426233562.261 3 192.168.10.131 TCP_MISS/403 4519 GET
http://www.squid-cache.org/Artwork/SN.png - ORIGINAL_DST/192.168.10.151
text/html
1426233562.294 1 192.168.10.151 TCP_MISS/403 4306 GET
http://ngtech.co.il/favicon.ico - HIER_NONE/- text/html
1426233562.296 2 192.168.10.131 TCP_MISS/403 4443 GET
http://ngtech.co.il/favicon.ico - ORIGINAL_DST/192.168.10.151 text/html
The first two requests are on the regular forward proxy port.
Then the 403 response is not a TCP_DENIED but I am still watching the
screen and see a squid access denied page which is identified by the
with the local proxy name.
Why would I see an "ORIGINAL_DST" at all in these requests??? there is
none...(else then the haproxy).
So summery of the setup:
1 host with both squid and haproxy installed and configured for proxy
protocol version 1(version 2 didn't worked for me at all)
haproxy listens on one port(13128) and squid on receives the requests on
the loopback interface(port 23128).
I think it's a bug but first I am putting the details here in the dev
list and later next week I will file a bugzilla report.
Eliezer
* I followed the release notes at
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#ss2.7
More information about the squid-dev
mailing list