[squid-dev] How to enable proxy protocol v2 on squid version 4.6.1, and NLB

summaiya summaiya at amazon.co.uk
Fri Jun 21 10:45:33 UTC 2019


Hi All, 

I have deployed the EC2 Egress URL Filtering Squid Proxy solution, and I have used
AWS PrivateLink to centralize web filtering in explicit mode. The Squid proxy
farm is implemented by a Network Load Balancer which distributes TCP
requests across multiple target Squid proxy instances, running in separate
Availability Zones.

My setup is similar to that mentioned in this blog :-
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-use-aws-privatelink-to-secure-and-scale-web-filtering-using-explicit-proxy/

I have installed Squid version 4.6.1, but the access logs do not show the
client IP address, even though I added the below rules:
http_port 3128 require-proxy-header
http_port 3128
proxy_protocol_access allow localnet

The proxy settings at the client are below:
[root@ip-172-16-1-99 ~]# export | grep proxy
declare -x http_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
declare -x https_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
declare -x no_proxy="169.254.169.254

But still the access logs do not show the client IP address. Am I missing
something in the solution? Do I have to enable proxy protocol v2 at the NLB
level as well, and will it break the application?
I checked most of the similar blogs, but I did not find any proper solution.

Squid Access logs :- showing ip address of NLB not client ip address 

[root@ip-10-0-0-193 squid]# cat access.log
1560426278.960      0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request - HIER_NONE/- text/html
1560426279.647      0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request - HIER_NONE/- text/html

Kindly provide the steps I need to take in the Squid servers' conf
file and at the client instance.

Regards
Summaiya 
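
For reference alongside this question, an added example (not part of the original post and not Squid's own code): a Python parser for the PROXY protocol v2 header layout defined in the HAProxy PROXY protocol specification, including the AWS custom TLV (type 0xEA, subtype 0x01) that carries the VPC endpoint ID. Run against the first bytes received on a listener, it shows whether a v2 header, and with it the client address, is actually arriving. The sample bytes, the addresses and the `vpce-0example` ID are constructed.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # fixed 12 bytes opening every v2 header
PP2_TYPE_AWS = 0xEA                          # AWS custom TLV type
PP2_SUBTYPE_AWS_VPCE_ID = 0x01               # first value byte; VPC endpoint ID follows

def parse_proxy_v2(data: bytes):
    """Return the header fields as a dict, or None if data has no v2 signature."""
    if len(data) < 16 or not data.startswith(PP2_SIGNATURE):
        return None
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
        raise ValueError("bad version/command byte")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY v2 header")
    body = data[16:16 + length]
    info = {"command": ("LOCAL", "PROXY")[ver_cmd & 0x0F], "header_len": 16 + length,
            "src": None, "dst": None, "vpce_id": None}
    addr_len = {1: 4, 2: 16}.get(fam_proto >> 4)      # AF_INET / AF_INET6
    if info["command"] == "LOCAL" or addr_len is None:
        return info                                   # no client IP address to report
    need = 2 * addr_len + 4
    if len(body) < need:
        raise ValueError("address block shorter than the family requires")
    sport, dport = struct.unpack("!HH", body[2 * addr_len:need])
    info["src"] = (str(ipaddress.ip_address(body[:addr_len])), sport)
    info["dst"] = (str(ipaddress.ip_address(body[addr_len:2 * addr_len])), dport)
    pos = need                                        # TLVs: type(1) length(2) value
    while pos + 3 <= len(body):
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        value = body[pos + 3:pos + 3 + tlv_len]
        if len(value) < tlv_len:
            raise ValueError("truncated TLV")
        if tlv_type == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
            info["vpce_id"] = value[1:].decode("ascii", "replace")
        pos += 3 + tlv_len
    return info

# Constructed sample: client 172.16.1.99:40000 -> 10.0.0.193:3128 over TCP/IPv4,
# one AWS TLV with a placeholder endpoint ID, then the start of an HTTP request.
_VPCE = bytes([PP2_SUBTYPE_AWS_VPCE_ID]) + b"vpce-0example"
SAMPLE = (PP2_SIGNATURE + b"\x21\x11" + struct.pack("!H", 12 + 3 + len(_VPCE))
          + ipaddress.ip_address("172.16.1.99").packed
          + ipaddress.ip_address("10.0.0.193").packed
          + struct.pack("!HH", 40000, 3128)
          + struct.pack("!BH", PP2_TYPE_AWS, len(_VPCE)) + _VPCE
          + b"GET http://example.com/ HTTP/1.1\r\n")

if __name__ == "__main__":
    print(parse_proxy_v2(SAMPLE))
```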


