Renaming to Support PROXY protocol from Amos Jeffries on 2014-07-30 (squid-dev)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 31 Jul 2014 02:04:14 +1200

Renaming the sub-thread to keep discussion going on this aspect.

On 26/07/2014 8:57 p.m., Amos Jeffries wrote:
> On 22/06/2014 5:15 p.m., Amos Jeffries wrote:
>> Support receiving PROXY protocol version 1 and 2.
>>
>> PROXY protocol has been developed by Willy Tarreau of HAProxy for
>> communicating original src and dst IP:port details between proxies and
>> load balancers in a protocol-agnostic way.
>>
>> stunnel, HAProxy and some other HTTP proxying software are already
>> enabled and by adding support to Squid we can effectively chain these
>> proxies without having to rely on X-Forwarded-For headers.
>>
>> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
>> protocol is in use, parsing and processing logics for the PROXY protocol
>> headers on new connections, and extends the follow_x_forwarded_for
>> (renamed proxy_forwarded_access) access control to manage inbound
>> connections.
>> The indirect client security/trust model remains unchanged. As do all
>> HTTP related logics on the connection once PROXY protocol header has
>> been received.
>>
>>
>> Furture Work:
>> * support sending PROXY protocol to cache_peers
>> * rework the PROXY parse logics as a Parser-NG child parser.
>>
>> Amos
>>
>
>
> So on the table the question of the http_port option name (and derived
> from that the *_access control name).
>
> The contenders so far:
>
> proxy
> surrogate [1]
> proxy-surrogate [1]
> require-PROXY
> expect-PROXY [2]
> require-PROXY-header
> expect-PROXY-header [2]
> forwarded [3]
> proxy-forwarded [3]
> haproxy-protocol[4]
> indirect-client
>
>
> [1] potential naming confusion with Surrogate protocol HTTP extension.
> And Alex objects that it means "nothing" in this squid context.
>
> [2] potential naming confusion with "explicit proxy" terminology
>
> [3] potential naming confusion with "forward proxy" terminology
>
> [4] free advertising for the competition
>
> At this stage it looks like Alexs' "require-proxy-header" is front
> runner for relevance. Probably with "indirect_client" for the access
> control.
>
> Does anyone else have optin names or even just words to throw into the mix?
>
> Amos
>
Received on Wed Jul 30 2014 - 14:04:32 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 30 2014 - 12:00:11 MDT