Squid + Proxy Protocol v2 + TLV

Squid + Proxy Protocol v2 + TLV

REED, JOHN
I am using Proxy Protocol V2 and I'm able to use the ACLs in the squid proxy to route my traffic based on a source IP and destination IP/URL.

I have a use case where I may not have source IP uniqueness; however, I will have a unique identifier within the custom TLV field within the proxy protocol v2 header, i.e. the link id from Azure private link.

I wanted to reach out and see if any work was being done on squid supporting routing based on this custom TLV field. I have done extensive searching online and I do see where logging this TLV is supported in version 5, but I haven't found anything about routing/ACLs based on the TLV field.

Thanks,

John Reed
Cloud Security Architect
AT&T

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: Squid + Proxy Protocol v2 + TLV

Alex Rousskov
On 3/18/20 1:22 PM, REED, JOHN wrote:

> I wanted to reach out and see if any work was being done on squid
> supporting routing based on this custom TLV field. I have done
> extensive searching online and I do see where logging this TLV is
> supported in version 5, but I haven't found anything about
> routing/ACLs based on the TLV field.

IIRC, nobody contributed or sponsored direct ACL support for PROXY TLVs,
but TLVs can be analyzed in v5 external ACLs: External ACL requests
support logformat %codes, such as %proxy_protocol::>h. Please see v5
documentation for the external_acl_type directive.

HTH,

Alex.
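
An added example, not part of the original post or of Squid itself: a minimal external ACL helper of the kind the reply points to, which allows a request only when the PROXY TLV value Squid passes in is on an allowlist and fails closed otherwise. Assumptions: the TLV type (`TLV_TYPE` placeholder), the helper path, the ACL names and the allowlist values are hypothetical or constructed; the helper expects one URL-escaped field per line and `-` when the TLV is absent.

```python
#!/usr/bin/env python3
"""External ACL helper sketch: allow a request only if its PROXY TLV value is known.

Assumed squid.conf wiring (TLV_TYPE is a placeholder for the decimal TLV type;
helper path and ACL names are hypothetical; check the v5 external_acl_type docs):

  external_acl_type tlv_check %{TLV_TYPE}proxy_protocol::>h /usr/local/bin/tlv_acl.py
  acl known_link external tlv_check
  http_access allow known_link
"""
import sys
from urllib.parse import unquote_to_bytes

# Constructed sample allowlist: hex of the raw TLV value -> label for logs.
ALLOWED_TLVS = {
    "0112345678": "tenant-a",
    "01aabbccdd": "tenant-b",
}


def decide(line, allowed=ALLOWED_TLVS):
    """Return the helper reply ("OK ..." or "ERR") for one request line."""
    fields = line.split()
    # Fail closed: exactly one field is expected; "-" is assumed to mean
    # that the connection carried no TLV of the configured type.
    if len(fields) != 1 or fields[0] == "-":
        return "ERR"
    # Values sent to helpers are URL-escaped; recover the raw TLV bytes.
    raw = unquote_to_bytes(fields[0])
    label = allowed.get(raw.hex())
    if label is None:
        return "ERR"
    # tag= attaches a label to the request for later ACLs and logging.
    return f"OK tag={label}"


def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply before continuing


if __name__ == "__main__":
    main()
```

The TLV is only as trustworthy as the peer that sent the PROXY header, so `proxy_protocol_access` should stay limited to the addresses of the load balancer that inserts it.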