Re: [PATCH] Support PROXY protocol

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Jun 2014 17:28:11 +1200

On 26/06/2014 4:53 a.m., Eliezer Croitoru wrote:
> I was not expecting this patch due to old emails about the proxy
> protocol implementation.
> I understand from the email that after this patch we can use STUNNEL and
> HAPROXY in front of squid, right?

Right. stunnel, HAProxy and any other gateway software which supports
sending the protocol.

I was also not expecting it to happen for a version or two either, but
Willy and I got talking about it the other day and when I looked closer
the work already done on the parser and client-side cleanup happens to
be enough to make it quite a relatively clean and simple addition.

Amos

> +1 (for the idea and looked a bit at the code itself)
>
> Eliezer
>
> On 06/22/2014 08:15 AM, Amos Jeffries wrote:
>> Support receiving PROXY protocol version 1 and 2.
>>
>> PROXY protocol has been developed by Willy Tarreau of HAProxy for
>> communicating original src and dst IP:port details between proxies and
>> load balancers in a protocol-agnostic way.
>>
>> stunnel, HAProxy and some other HTTP proxying software are already
>> enabled and by adding support to Squid we can effectively chain these
>> proxies without having to rely on X-Forwarded-For headers.
>>
>> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
>> protocol is in use, parsing and processing logics for the PROXY protocol
>> headers on new connections, and extends the follow_x_forwarded_for
>> (renamed proxy_forwarded_access) access control to manage inbound
>> connections.
>> The indirect client security/trust model remains unchanged. As do all
>> HTTP related logics on the connection once PROXY protocol header has
>> been received.
>>
>>
>> Future Work:
>> * support sending PROXY protocol to cache_peers
>> * rework the PROXY parse logics as a Parser-NG child parser.
>>
>> Amos
>
Received on Thu Jun 26 2014 - 05:28:19 MDT
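
An added example, not code from the patch or from Squid: a receiver-side parser for PROXY protocol v1 and v2 headers that only honours a header when the directly connected peer is trusted, which is the point of the access control described in the quoted patch summary. The function names and the trusted_nets parameter are hypothetical; the header layouts follow the published PROXY protocol specification.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY v2 signature

def parse_proxy_header(buf, peer_ip, trusted_nets):
    """Return (src, dst, consumed); src/dst are (ip, port), or None when no
    addresses are carried. trusted_nets is an assumed stand-in for the ACL."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        raise ValueError("PROXY header from untrusted peer")
    if buf.startswith(V2_SIG):
        return _parse_v2(buf)
    if buf.startswith(b"PROXY "):
        return _parse_v1(buf)
    raise ValueError("no PROXY header")

def _parse_v1(buf):
    end = buf.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if end < 0:
        raise ValueError("v1 line unterminated or too long")
    parts = buf[:end].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":
        return None, None, end + 2
    fam = {"TCP4": 4, "TCP6": 6}.get(parts[1])
    if len(parts) != 6 or fam is None:
        raise ValueError("bad v1 header")
    src, dst = (ipaddress.ip_address(p) for p in parts[2:4])
    sport, dport = (int(p) for p in parts[4:6])
    if {src.version, dst.version} != {fam} or not all(0 <= p <= 65535 for p in (sport, dport)):
        raise ValueError("v1 address family mismatch or port out of range")
    return (str(src), sport), (str(dst), dport), end + 2

def _parse_v2(buf):
    if len(buf) < 16 or (buf[12] >> 4) != 2 or (buf[12] & 0x0F) > 1:
        raise ValueError("v2 header truncated or bad version/command")
    fam_proto, length = struct.unpack("!BH", buf[13:16])
    total, fam = 16 + length, fam_proto >> 4
    if len(buf) < total:
        raise ValueError("v2 payload truncated")
    if (buf[12] & 0x0F) == 0 or fam not in (1, 2):  # LOCAL, or not IPv4/IPv6
        return None, None, total
    alen = 4 if fam == 1 else 16
    if length < 2 * alen + 4:
        raise ValueError("v2 address block too short")
    src, dst = (ipaddress.ip_address(buf[o:o + alen]) for o in (16, 16 + alen))
    sport, dport = struct.unpack("!HH", buf[16 + 2 * alen:20 + 2 * alen])
    return (str(src), sport), (str(dst), dport), total
```

The consumed count tells the caller where the HTTP or TLS bytes begin; an untrusted peer or a malformed header raises ValueError instead of falling back to attacker-chosen addresses.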
