I was not expecting this patch due to old emails about the proxy protocol implementation. I understand from the email that after this patch we can use STUNNEL and HAPROXY in front of Squid, right?
+1 (for the idea and looked a bit at the code itself)

Eliezer

On 06/22/2014 08:15 AM, Amos Jeffries wrote:
Support receiving PROXY protocol version 1 and 2.

PROXY protocol has been developed by Willy Tarreau of HAProxy for
communicating original src and dst IP:port details between proxies and
load balancers in a protocol-agnostic way.

stunnel, HAProxy and some other HTTP proxying software are already
enabled and by adding support to Squid we can effectively chain these
proxies without having to rely on X-Forwarded-For headers.

This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
protocol is in use, parsing and processing logics for the PROXY protocol
headers on new connections, and extends the follow_x_forwarded_for
(renamed proxy_forwarded_access) access control to manage inbound
connections.
  The indirect client security/trust model remains unchanged. As do all
HTTP related logics on the connection once PROXY protocol header has
been received.


Future Work:
  * support sending PROXY protocol to cache_peers
  * rework the PROXY parse logics as a Parser-NG child parser.

Amos
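
The PROXY protocol headers described in the message above, as an added example that is not part of the original email and is not Squid's code: a minimal Python parser for the v1 text and v2 binary headers that accepts a header only from a trusted upstream. `trusted_nets` is a hypothetical stand-in for the access control the message mentions, and the sample addresses are constructed.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY v2 signature
V1_MAX = 107                          # longest legal v1 line, CRLF included
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 56324 3128\r\n"  # constructed sample

def parse_proxy_header(buf, peer_ip, trusted_nets):
    """Return (src, sport, dst, dport, consumed); src is None for UNKNOWN/LOCAL."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):  # hypothetical ACL
        raise PermissionError("PROXY header from untrusted peer")
    if buf.startswith(V2_SIG):
        return _parse_v2(buf)
    if buf.startswith(b"PROXY "):
        return _parse_v1(buf)
    raise ValueError("no PROXY header")

def _parse_v1(buf):
    end = buf.find(b"\r\n", 0, V1_MAX)     # CRLF must fall inside the size limit
    if end < 0:
        raise ValueError("v1 line unterminated or too long")
    fields = buf[:end].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":             # receiver keeps the real peer address
        return (None, 0, None, 0, end + 2)
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("bad v1 field count or protocol")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != dst.version or src.version != int(fields[1][3]):
        raise ValueError("address family mismatch")
    if not all(f.isdigit() and int(f) <= 65535 for f in fields[4:6]):
        raise ValueError("bad port")
    return (str(src), int(fields[4]), str(dst), int(fields[5]), end + 2)

def _parse_v2(buf):
    if len(buf) < 16:
        raise ValueError("v2 header truncated")
    ver_cmd, fam, length = struct.unpack("!BBH", buf[12:16])
    if (ver_cmd >> 4) != 2 or len(buf) < 16 + length:
        raise ValueError("bad v2 version or truncated address block")
    if (ver_cmd & 0x0F) == 0:              # LOCAL command: keep the real peer address
        return (None, 0, None, 0, 16 + length)
    size = {0x11: 4, 0x21: 16}.get(fam)    # TCP over IPv4 / TCP over IPv6
    if (ver_cmd & 0x0F) != 1 or size is None or length < 2 * size + 4:
        raise ValueError("unsupported v2 command or family")
    a = buf[16:]
    sport, dport = struct.unpack("!HH", a[2 * size:2 * size + 4])
    src, dst = ipaddress.ip_address(a[:size]), ipaddress.ip_address(a[size:2 * size])
    return (str(src), sport, str(dst), dport, 16 + length)
```

The `consumed` value tells the caller where the HTTP bytes begin, so the rest of the connection is parsed as usual once the header has been stripped.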
