[squid-dev] How to enable proxy protocol v2 on squid version 4.6.1, and NLB
summaiya
summaiya at amazon.co.uk
Fri Jun 21 10:45:33 UTC 2019
Hi All,
I have deployed EC2 Egress URL Filtering Squid Proxy solution, I have used
AWS PrivateLink to centralize web filtering in explicit mode. Squid proxy
farm is implemented by a Network Load Balancer which distributes TCP
requests across multiple Target Squid proxy instances, running in separate
Availability Zones
My setup is similar to that mentioned in this blog :-
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-use-aws-privatelink-to-secure-and-scale-web-filtering-using-explicit-proxy/
I have installed Squid version 4.6.1, but the access log do not show the
client ip address, even though I added the below rules:-
http_port 3128 require-proxy-header
http_port 3128
proxy_protocol_access allow localnet
The proxy settings at the client are below :-
[root at ip-172-16-1-99 ~]# export | grep proxy
declare -x
http_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
declare -x
https_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
declare -x no_proxy="169.254.169.254
But still the access logs do not show the client ip address, am I missing
something in the solution.Do I have to enable the proxy protocol v2 at NLB
level as welll, will it break the application?
I checked most of the similar blogs, but I did not find any proper solution.
Squid Access logs :- showing ip address of NLB not client ip address
[root at ip-10-0-0-193 squid]# cat access.log
1560426278.960 0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request
- HIER_NONE/- text/html
1560426279.647 0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request
- HIER_NONE/- text/html
Kindly provide some steps which I need to take care at squid servers conf
file and at client instance.
Regards
Summaiya
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Development-f1042840.html
More information about the squid-dev
mailing list