Support receiving PROXY protocol version 1 and 2.
PROXY protocol has been developed by Willy Tarreau of HAProxy for
communicating original src and dst IP:port details between proxies and
load balancers in a protocol-agnostic way.
stunnel, HAProxy and some other HTTP proxying software are already
enabled and by adding support to Squid we can effectively chain these
proxies without having to rely on X-Forwarded-For headers.
This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
protocol is in use, parsing and processing logics for the PROXY protocol
headers on new connections, and extends the follow_x_forwarded_for
(renamed proxy_forwarded_access) access control to manage inbound
connections.
The indirect client security/trust model remains unchanged. As do all
HTTP related logics on the connection once PROXY protocol header has
been received.
Furture Work:
* support sending PROXY protocol to cache_peers
* rework the PROXY parse logics as a Parser-NG child parser.
Amos
This archive was generated by hypermail 2.2.0 : Thu Jun 26 2014 - 12:00:13 MDT