Re: squidclient and PROXY procotol enabled http_port (solved)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Re: squidclient and PROXY procotol enabled http_port (solved)

Rafael Akchurin
Hello Amos, Eliezer and all,

Thanks a lot for your ideas/suggestions. Decided to go easy way:

-         added another "http_port" directive to squid.conf (without require-proxy-header option)

-         directed squidclient binary to use it

Hope no side effects from this configuration.

Best regards,
Rafael Akchurin
Diladele B.V.

Please take a look at - ICAP web filtering plugin for Squid proxy.

From: Rafael Akchurin
Sent: Saturday, April 14, 2018 10:14 AM
To: squid-users ([hidden email]) <[hidden email]>
Subject: squidclient and PROXY procotol enabled http_port

Greetings to everyone,

I have the following deployment:

-         Several Squid nodes configured with "http_port 3128 require-proxy-header"

-         One haproxy what relays TCP connections to nodes

-         squidclient that is run on each node manually

Browsers pointing to haproxy are correctly serviced by Squid nodes. Everything works as expected.
But trying to run squidclient to get mgr:idns results in the following.

    squidclient -v mgr:idns -h -p 3128
    GET 3128 HTTP/1.0
    User-Agent: squidclient/3.5.23
    Accept: */*
   Connection: close

Cache_log inidicates:
2018/04/14 10:04:38 kid1| PROXY client not permitted by ACLs from local=[::1]:3128 remote=[::1]:38854 FD 21 flags=1

That is good and fine; but after adding into proxy_protocol_access directive error changes into:

2018/04/14 10:10:10 kid1| PROXY protocol error: invalid header from local= remote= FD 23 flags=1

Is it possible to ask squidclient to prepend the PROXY header to its request?

squid-users mailing list
[hidden email]

winmail.dat (30K) Download Attachment