[squid-users] Logging PROXY Protocol header
Amos Jeffries
squid3 at treenet.co.nz
Mon Jan 15 18:48:08 UTC 2018
On 16/01/18 05:26, Bruce R wrote:
> Is it possible to configure Squid to log the details of the PROXY
> protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP
> load balancer, which supports forwarding the PROXY protocol header. I'd
> like to be able to include the client IP as provided in the PROXY
> protocol header, but I'd be happy to log the entire header as well if
> necessary. I've spent some time searching for information on this but
> haven't had any luck so far.
When the PROXY protocol is received the details it supplies replace the
TCP connection supplied values. That means everything in Squid dealing
with client-IP or port displays or uses the PROXY values.
In squid.conf add the option "require-proxy-header" on the http_port you
are receiving traffic from the LB. It is then important that you prevent
traffic arriving from anywhere else than trusted sources. It is left to
you to configure your firewall appropriately.
If you really want to see PROXY happening it is recorded in cache.log
with "debug_options 33,5"
Amos
More information about the squid-users
mailing list