Hello, Aleksandar! Vice versa, actually: Client -> Haproxy -> Squid -> Internet
Here's the situation. Haproxy instance stands in a private network and interacts with the Internet through Firewall that performs NAT. Current schema looks like this: Client -> Haproxy -> FW (SNAT) -> Internet The firewall performs traffic filtering in addition to NAT (security reasons), and in its policies it operates by destination hosts IP-addresses, not domain names. And the problem comes when backend server hostname changes its IP-addresses (e.g. CDN). We must update Firewall configuration with new IP-addresses, and there is service downtime before firewall guys will do it. And we cannot just open network access from Haproxy to any host in the Internet. I'm looking for workaround for this. We have a Squid that can proxy HTTP requests to the Internet bypassing the Firewall. Also it filters requests by domain name. So I wonder if there is any way to proxy client requests to the Internet through Squid transparently to client (no configuration on client side). Something like this, but with Haproxy instead of Httpd: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyremote -----Original Message----- From: Aleksandar Lazic <[email protected]> Sent: Wednesday, October 2, 2019 6:24 PM To: Ахнин Никита Андреевич <[email protected]>; [email protected] Subject: Re: Use haproxy behind Squid Am 02.10.19 um 13:10 schrieb Akhnin Nikita: > Hey there! > > Is it possible to use Haproxy behind HTTP proxy like Squid to proxy > incoming requests to the Internet through it? It will be awesome if > someone will share the configuration example. Do you mean such a flow? Internet -> squid -> haproxy -> Client This statement confuses me a little bit. > to proxy incoming requests to the Internet From which point of view is incomming and outgoing? Regards Aleks
