On 26/06/2014 4:53 a.m., Eliezer Croitoru wrote:
> I was not expecting this patch due to old emails about the proxy
> protocol implementation.
> I understand from the email that after this patch we can use STUNNEL and
> HAPROXY in-front of squid. right?

Right. stunnel, HAProxy and any other gateway software which supports
sending the protocol.

I was also not expecting it to happen for a version or two either, but
Willy and I got talking about it the other day and when I looked closer
the work already done on the parser and client-side cleanup happens to
be enough to make it quite a relatively clean and simple addition.

Amos

> +1 (for the idea and looked a bit at the code itself)
>
> Eliezer
>
> On 06/22/2014 08:15 AM, Amos Jeffries wrote:
>> Support receiving PROXY protocol version 1 and 2.
>>
>> PROXY protocol has been developed by Willy Tarreau of HAProxy for
>> communicating original src and dst IP:port details between proxies and
>> load balancers in a protocol-agnostic way.
>>
>> stunnel, HAProxy and some other HTTP proxying software are already
>> enabled and by adding support to Squid we can effectively chain these
>> proxies without having to rely on X-Forwarded-For headers.
>>
>> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
>> protocol is in use, parsing and processing logics for the PROXY protocol
>> headers on new connections, and extends the follow_x_forwarded_for
>> (renamed proxy_forwarded_access) access control to manage inbound
>> connections.
>> The indirect client security/trust model remains unchanged. As do all
>> HTTP related logics on the connection once PROXY protocol header has
>> been received.
>>
>>
>> Future Work:
>> * support sending PROXY protocol to cache_peers
>> * rework the PROXY parse logics as a Parser-NG child parser.
>>
>> Amos
>
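
Added example, not part of the thread or of the Squid patch: a strict receiver for the version 1 (text) PROXY header that checks the directly connected peer against an allow-list before believing the addresses the header claims. `TRUSTED_GATEWAYS`, the function names, the sample addresses and the choice to refuse untrusted peers outright are assumptions of this sketch; version 2 (binary) headers are not handled.

```python
import ipaddress

V1_MAX = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

# Hypothetical allow-list of gateways permitted to send PROXY headers (constructed).
TRUSTED_GATEWAYS = [ipaddress.ip_network("192.0.2.0/28")]


def parse_proxy_v1(buf: bytes):
    """Return (client, consumed); client is (src, sport, dst, dport), or None
    for UNKNOWN. Raises ValueError on any malformed or incomplete header."""
    end = buf.find(b"\r\n", 0, V1_MAX)
    if not buf.startswith(b"PROXY ") or end == -1:
        raise ValueError("no complete PROXY v1 header")
    fields = buf[:end].decode("ascii").split(" ")  # non-ASCII raises ValueError
    if fields[1] == "UNKNOWN":  # sender could not state addresses; rest ignored
        return None, end + 2
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("bad field count or protocol")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + fields[1])
    ports = []
    for p in fields[4:6]:
        # Canonical decimal only (a strictness choice made in this example).
        if not p.isdigit() or str(int(p)) != p or int(p) > 65535:
            raise ValueError("bad port " + repr(p))
        ports.append(int(p))
    return (src, ports[0], dst, ports[1]), end + 2


def effective_client(peer_ip: str, buf: bytes):
    """Trust check first, then parse. Returns (client_ip, rest_of_stream)."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_GATEWAYS):
        # An untrusted sender could claim any source address it likes.
        raise PermissionError("PROXY header from untrusted peer %s" % peer)
    client, used = parse_proxy_v1(buf)
    src = client[0] if client else peer  # UNKNOWN: fall back to the TCP peer
    return str(src), buf[used:]
```

The bytes after the header are returned untouched, so the HTTP parser sees the stream exactly as it would on a port without PROXY protocol.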