I was not expecting this patch due to old emails about the proxy
protocol implementation.
I understand from the email that after this patch we can use STUNNEL and
HAPROXY in front of Squid, right?
+1 (for the idea and looked a bit at the code itself)
Eliezer
On 06/22/2014 08:15 AM, Amos Jeffries wrote:
Support receiving PROXY protocol version 1 and 2.
PROXY protocol has been developed by Willy Tarreau of HAProxy for
communicating original src and dst IP:port details between proxies and
load balancers in a protocol-agnostic way.
stunnel, HAProxy and some other HTTP proxying software are already
enabled and by adding support to Squid we can effectively chain these
proxies without having to rely on X-Forwarded-For headers.
This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
protocol is in use, parsing and processing logics for the PROXY protocol
headers on new connections, and extends the follow_x_forwarded_for
(renamed proxy_forwarded_access) access control to manage inbound
connections.
The indirect client security/trust model remains unchanged. As do all
HTTP related logics on the connection once PROXY protocol header has
been received.
Future Work:
* support sending PROXY protocol to cache_peers
* rework the PROXY parse logics as a Parser-NG child parser.
Amos
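
Added example, not taken from the patch or from either e-mail: a sketch of a receiver for the version 1 (text) PROXY header that accepts the claimed client address only when the TCP peer is on an allow-list, which is the trust decision the access control above is described as managing. The function names, the `TRUSTED` list, the sample bytes and the choice to reject untrusted peers outright are assumptions of this example; the version 2 binary header is not covered.

```python
import ipaddress

V1_MAX = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

def parse_proxy_v1(buf: bytes):
    """Return ((src_ip, src_port, dst_ip, dst_port) or None, remaining bytes)."""
    end = buf.find(b"\r\n", 0, V1_MAX)
    if not buf.startswith(b"PROXY ") or end < 0:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = buf[:end].decode("ascii").split(" ")
    rest = buf[end + 2:]
    if fields[1] == "UNKNOWN":  # sender had no address info; rest of line is ignored
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match TCP4/TCP6")
    if not all(f.isdigit() and int(f) <= 65535 for f in fields[4:6]):
        raise ValueError("bad port")
    return (str(src), int(fields[4]), str(dst), int(fields[5])), rest

def effective_client(peer_ip: str, buf: bytes, trusted_nets):
    """Use the header's source address only if the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        raise PermissionError(f"PROXY header from untrusted peer {peer_ip}")
    info, rest = parse_proxy_v1(buf)
    return (info[0] if info else peer_ip), rest

# Constructed sample data: documentation-range addresses, hypothetical trust list.
TRUSTED = ["10.0.0.0/8"]
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 3128\r\nGET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(effective_client("10.0.0.2", SAMPLE, TRUSTED))
```

The bytes returned alongside the client address are the start of the HTTP stream and are handed to the normal request parser unchanged.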