1. In addition to mode tcp, you would also have to use transparent mode in haproxy instead of having a firewall forward it to haproxy (unless by firewall, he was planning on running tproxy mode on the same box), otherwise the destination IP addresses would still be lost when going from firewall to port 8080 on haproxy...
2. Last I tried, logging in haproxy didn't keep track of all the IP and port numbers required to piece the streams back together to original source from a final destination, so not really as-is... but that would be a relatively easy change... and also assumes you have full logging in the firewall that forwards to haproxy... and can easily merge the two logs...

From: XANi [mailto:[email protected]]
Sent: Wednesday, November 04, 2009 8:30 AM
To: John Lauro
Cc: 'Dave'; [email protected]
Subject: Re: Using HAProxy In Place of WCCP

On Wed, 4 Nov 2009 06:58:32 -0500, "John Lauro" <[email protected]> wrote:
> I see two potential issues (which may or may not be important for
> you).
>
> 1. Non http 1.1 clients may have trouble (ie: they don't send
> the host on the URL request, or if they are not really http but using
> port 80).

Yeah, for that to work you would have to use TCP mode so no tricks like hashing by URL to improve cache hit rate

> 2. Back tracking if you get a complaint from some website (ie:
> RIAA complaint) is going to be near impossible of determining who
> accessed whatever.

Wouldn't logging in haproxy solve that?

Regards
Mariusz
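The log merge discussed in point 2, as an added example that is not part of the original thread: it back-tracks a complaint from a destination site to an internal client by joining a proxy log with a firewall log. The record layouts, addresses and the `backtrack` helper are constructed for illustration; they are not HAProxy's or any firewall's real log format, and the example assumes the proxy logs its outbound source port.

```python
from datetime import datetime, timedelta

# Constructed sample records (hypothetical layout, documentation addresses).
# Firewall: time, internal client ip:port, original destination ip:port
FIREWALL_LOG = """\
2009-11-04T08:30:01 10.0.0.21:40112 203.0.113.7:80
2009-11-04T08:30:02 10.0.0.35:51200 198.51.100.9:80
2009-11-04T09:45:10 10.0.0.77:40112 203.0.113.7:80
"""
# Proxy: time, client ip:port as accepted, proxy's outbound source ip:port
PROXY_LOG = """\
2009-11-04T08:30:01 10.0.0.21:40112 192.0.2.1:33001
2009-11-04T08:30:02 10.0.0.35:51200 192.0.2.1:33002
2009-11-04T09:45:10 10.0.0.77:40112 192.0.2.1:33001
"""

def parse(text):
    """Split each line into (timestamp, endpoint_a, endpoint_b)."""
    rows = []
    for line in text.splitlines():
        ts, a, b = line.split()
        rows.append((datetime.fromisoformat(ts), a, b))
    return rows

def backtrack(when, proxy_src, dest, window=timedelta(seconds=5)):
    """Return the internal client endpoints behind one complaint.

    when/proxy_src/dest are what the remote site saw: the time, the
    proxy's source ip:port, and its own ip:port. The time window guards
    against outbound and client ports being reused later in the day.
    """
    when = datetime.fromisoformat(when)
    firewall = parse(FIREWALL_LOG)
    hits = []
    for p_ts, client, out_src in parse(PROXY_LOG):
        if out_src != proxy_src or abs(p_ts - when) > window:
            continue
        # Confirm against the firewall that this client was really
        # headed to the complaining destination at that moment.
        for f_ts, f_client, f_dest in firewall:
            if (f_client == client and f_dest == dest
                    and abs(f_ts - p_ts) <= window):
                hits.append(client)
    return hits

if __name__ == "__main__":
    print(backtrack("2009-11-04T08:30:03", "192.0.2.1:33001", "203.0.113.7:80"))
```

Without the proxy's outbound source port in the log, the first join has nothing to key on, which is the gap described in point 2.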

