Hello, Aleksandar!

Vice versa, actually: Client -> Haproxy -> Squid -> Internet

Here's the situation. Haproxy instance stands in a private network and 
interacts with the Internet through Firewall that performs NAT. Current schema 
looks like this:
Client -> Haproxy -> FW (SNAT) -> Internet

The firewall performs traffic filtering in addition to NAT (security reasons), 
and in its policies it operates by destination hosts IP-addresses, not domain 
names. And the problem comes when backend server hostname changes its 
IP-addresses (e.g. CDN). We must update Firewall configuration with new 
IP-addresses, and there is service downtime before firewall guys will do it. 
And we cannot just open network access from Haproxy to any host in the Internet.

I'm looking for workaround for this. We have a Squid that can proxy HTTP 
requests to the Internet bypassing the Firewall. Also it filters requests by 
domain name. So I wonder if there is any way to proxy client requests to the 
Internet through Squid transparently to client (no configuration on client 
Something like this, but with Haproxy instead of Httpd: 

-----Original Message-----
From: Aleksandar Lazic <al-hapr...@none.at> 
Sent: Wednesday, October 2, 2019 6:24 PM
To: Ахнин Никита Андреевич <n.akh...@cft.ru>; haproxy@formilux.org
Subject: Re: Use haproxy behind Squid

Am 02.10.19 um 13:10 schrieb Akhnin Nikita:
> Hey there!
> Is it possible to use Haproxy behind HTTP proxy like Squid to proxy 
> incoming requests to the Internet through it? It will be awesome if 
> someone will share the configuration example.

Do you mean such a flow?

Internet -> squid -> haproxy -> Client

This statement confuses me a little bit.

> to proxy incoming requests to the Internet

From which point of view is incomming and outgoing?


Reply via email to