Re: [squid-users] squidclient and PROXY procotol enabled http_port (solved)
Hello Amos, Eliezer and all, Thanks a lot for your ideas/suggestions. Decided to go easy way: - added another "http_port 127.0.0.1:3128" directive to squid.conf (without require-proxy-header option) - directed squidclient binary to use it Hope no side effects from this configuration. Best regards, Rafael Akchurin Diladele B.V. -- Please take a look at https://www.diladele.com - ICAP web filtering plugin for Squid proxy. From: Rafael Akchurin Sent: Saturday, April 14, 2018 10:14 AM To: squid-users (squid-users@lists.squid-cache.org) Subject: squidclient and PROXY procotol enabled http_port Greetings to everyone, I have the following deployment: - Several Squid nodes configured with "http_port 3128 require-proxy-header" - One haproxy what relays TCP connections to nodes - squidclient that is run on each node manually Browsers pointing to haproxy are correctly serviced by Squid nodes. Everything works as expected. But trying to run squidclient to get mgr:idns results in the following. squidclient -v mgr:idns -h 127.0.0.1 -p 3128 Request: GET 3128 HTTP/1.0 User-Agent: squidclient/3.5.23 Accept: */* Connection: close Cache_log inidicates: 2018/04/14 10:04:38 kid1| PROXY client not permitted by ACLs from local=[::1]:3128 remote=[::1]:38854 FD 21 flags=1 That is good and fine; but after adding 127.0.0.1 into proxy_protocol_access directive error changes into: 2018/04/14 10:10:10 kid1| PROXY protocol error: invalid header from local=127.0.0.1:3128 remote=127.0.0.1:36648 FD 23 flags=1 Question Is it possible to ask squidclient to prepend the PROXY header to its request? <>___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squidclient and PROXY procotol enabled http_port
Would a nc(netcat) bash based script that will run this kind of request would be good enough? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users On Behalf Of Rafael Akchurin Sent: Saturday, April 14, 2018 11:14 To: squid-users (squid-users@lists.squid-cache.org) Subject: [squid-users] squidclient and PROXY procotol enabled http_port Greetings to everyone, I have the following deployment: - Several Squid nodes configured with "http_port 3128 require-proxy-header" - One haproxy what relays TCP connections to nodes - squidclient that is run on each node manually Browsers pointing to haproxy are correctly serviced by Squid nodes. Everything works as expected. But trying to run squidclient to get mgr:idns results in the following. squidclient -v mgr:idns -h 127.0.0.1 -p 3128 Request: GET 3128 HTTP/1.0 User-Agent: squidclient/3.5.23 Accept: */* Connection: close Cache_log inidicates: 2018/04/14 10:04:38 kid1| PROXY client not permitted by ACLs from local=[::1]:3128 remote=[::1]:38854 FD 21 flags=1 That is good and fine; but after adding 127.0.0.1 into proxy_protocol_access directive error changes into: 2018/04/14 10:10:10 kid1| PROXY protocol error: invalid header from local=127.0.0.1:3128 remote=127.0.0.1:36648 FD 23 flags=1 Question Is it possible to ask squidclient to prepend the PROXY header to its request? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squidclient and PROXY procotol enabled http_port
On 14/04/18 20:13, Rafael Akchurin wrote: > Question > > Is it possible to ask squidclient to prepend the PROXY header to its request? > It should be relatively easy to add, but has not been coded yet if thats what you mean. Patches welcome. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
