squidclient and PROXY procotol enabled http_port

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

squidclient and PROXY procotol enabled http_port

Rafael Akchurin
Greetings to everyone,

I have the following deployment:

-         Several Squid nodes configured with "http_port 3128 require-proxy-header"

-         One haproxy what relays TCP connections to nodes

-         squidclient that is run on each node manually

Browsers pointing to haproxy are correctly serviced by Squid nodes. Everything works as expected.
But trying to run squidclient to get mgr:idns results in the following.

    squidclient -v mgr:idns -h 127.0.0.1 -p 3128
    Request:
    GET 3128 HTTP/1.0
    User-Agent: squidclient/3.5.23
    Accept: */*
   Connection: close

Cache_log inidicates:
2018/04/14 10:04:38 kid1| PROXY client not permitted by ACLs from local=[::1]:3128 remote=[::1]:38854 FD 21 flags=1

That is good and fine; but after adding 127.0.0.1 into proxy_protocol_access directive error changes into:

2018/04/14 10:10:10 kid1| PROXY protocol error: invalid header from local=127.0.0.1:3128 remote=127.0.0.1:36648 FD 23 flags=1

Question
------------
Is it possible to ask squidclient to prepend the PROXY header to its request?



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

winmail.dat (23K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: squidclient and PROXY procotol enabled http_port

Amos Jeffries
Administrator
On 14/04/18 20:13, Rafael Akchurin wrote:
> Question
> ------------
> Is it possible to ask squidclient to prepend the PROXY header to its request?
>

It should be relatively easy to add, but has not been coded yet if thats
what you mean. Patches welcome.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: squidclient and PROXY procotol enabled http_port

Eliezer Croitoru
In reply to this post by Rafael Akchurin
Would a nc(netcat) bash based script that will run this kind of request
would be good enough?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


-----Original Message-----
From: squid-users <[hidden email]> On Behalf Of
Rafael Akchurin
Sent: Saturday, April 14, 2018 11:14
To: squid-users ([hidden email])
<[hidden email]>
Subject: [squid-users] squidclient and PROXY procotol enabled http_port

Greetings to everyone,

I have the following deployment:

-         Several Squid nodes configured with "http_port 3128
require-proxy-header"

-         One haproxy what relays TCP connections to nodes

-         squidclient that is run on each node manually

Browsers pointing to haproxy are correctly serviced by Squid nodes.
Everything works as expected.
But trying to run squidclient to get mgr:idns results in the following.

    squidclient -v mgr:idns -h 127.0.0.1 -p 3128
    Request:
    GET 3128 HTTP/1.0
    User-Agent: squidclient/3.5.23
    Accept: */*
   Connection: close

Cache_log inidicates:
2018/04/14 10:04:38 kid1| PROXY client not permitted by ACLs from
local=[::1]:3128 remote=[::1]:38854 FD 21 flags=1

That is good and fine; but after adding 127.0.0.1 into proxy_protocol_access
directive error changes into:

2018/04/14 10:10:10 kid1| PROXY protocol error: invalid header from
local=127.0.0.1:3128 remote=127.0.0.1:36648 FD 23 flags=1

Question
------------
Is it possible to ask squidclient to prepend the PROXY header to its
request?



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users