'[squid-dev] How to enable proxy protocol v2 on squid version 4.6.1, and NLB'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-dev
Subject:    [squid-dev] How to enable proxy protocol v2 on squid version 4.6.1, and NLB
From:       summaiya <summaiya () amazon ! co ! uk>
Date:       2019-06-21 10:45:33
Message-ID: 1561113933803-0.post () n4 ! nabble ! com
[Download RAW message or body]

Hi All, 

I have deployed EC2 Egress URL Filtering Squid Proxy solution, I have used
AWS PrivateLink to centralize web filtering in explicit mode. Squid proxy
farm is implemented by a Network Load Balancer which distributes TCP
requests across multiple Target Squid proxy instances, running in separate
Availability Zones

My setup is similar to that mentioned in this blog :-
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-use-aws-privatelink-to-secure-and-scale-web-filtering-using-explicit-proxy/


I have installed Squid version 4.6.1, but the access log do not show the
client ip address, even though I added the below rules:- 
http_port 3128 require-proxy-header
http_port 3128
proxy_protocol_access allow localnet

The proxy settings at the client are below :-
[root@ip-172-16-1-99 ~]# export | grep proxy
declare -x
http_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
 declare -x
https_proxy="http://vpce-05a51748abb0bfd68-4e77o32h.vpce-svc-070d1304cc7cc5b5f.eu-west-2.vpce.amazonaws.com:3128"
 declare -x no_proxy="169.254.169.254

But still the access logs do not show the client ip address, am I missing
something in the solution.Do I have to enable the proxy protocol v2 at NLB
level as welll, will it break the application? 
I checked most of the similar blogs, but I did not find any proper solution.

Squid Access logs :- showing ip address of NLB not client ip address 

[root@ip-10-0-0-193 squid]# cat access.log
1560426278.960      0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request
- HIER_NONE/- text/html
1560426279.647      0 10.0.0.17 TAG_NONE/400 4546 NONE error:invalid-request
- HIER_NONE/- text/html

Kindly provide some steps which I need to take care at squid servers conf
file and at client instance.

Regards
Summaiya 



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Development-f1042840.html
 _______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic