Logging PROXY Protocol header

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Logging PROXY Protocol header

Bruce Pennypacker
Is it possible to configure Squid to log the details of the PROXY
protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP
load balancer, which supports forwarding the PROXY protocol header. I'd
like to be able to include the client IP as provided in the PROXY
protocol header, but I'd be happy to log the entire header as well if
necessary. I've spent some time searching for information on this but
haven't had any luck so far.

Thanks,

-Bruce


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Logging PROXY Protocol header

Amos Jeffries
Administrator
On 16/01/18 05:26, Bruce R wrote:
> Is it possible to configure Squid to log the details of the PROXY
> protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP
> load balancer, which supports forwarding the PROXY protocol header. I'd
> like to be able to include the client IP as provided in the PROXY
> protocol header, but I'd be happy to log the entire header as well if
> necessary. I've spent some time searching for information on this but
> haven't had any luck so far.

When the PROXY protocol is received the details it supplies replace the
TCP connection supplied values. That means everything in Squid dealing
with client-IP or port displays or uses the PROXY values.

In squid.conf add the option "require-proxy-header" on the http_port you
are receiving traffic from the LB. It is then important that you prevent
traffic arriving from anywhere else than trusted sources. It is left to
you to configure your firewall appropriately.


If you really want to see PROXY happening it is recorded in cache.log
with "debug_options 33,5"

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users