I was not expecting this patch due to old emails about the proxy
protocol implementation.
I understand from the email that after this patch we can use STUNNEL and
HAPROXY in-front of squid. right?
+1 (for the idea and looked a bit at the code itself)
Eliezer
On 06/22/2014 08:15 AM, Amos Jeffries wrote:
> Support receiving PROXY protocol version 1 and 2.
>
> PROXY protocol has been developed by Willy Tarreau of HAProxy for
> communicating original src and dst IP:port details between proxies and
> load balancers in a protocol-agnostic way.
>
> stunnel, HAProxy and some other HTTP proxying software are already
> enabled and by adding support to Squid we can effectively chain these
> proxies without having to rely on X-Forwarded-For headers.
>
> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
> protocol is in use, parsing and processing logics for the PROXY protocol
> headers on new connections, and extends the follow_x_forwarded_for
> (renamed proxy_forwarded_access) access control to manage inbound
> connections.
> The indirect client security/trust model remains unchanged. As do all
> HTTP related logics on the connection once PROXY protocol header has
> been received.
>
>
> Furture Work:
> * support sending PROXY protocol to cache_peers
> * rework the PROXY parse logics as a Parser-NG child parser.
>
> Amos
Received on Wed Jun 25 2014 - 16:56:06 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 26 2014 - 12:00:13 MDT