Alex, Our current production configuration is squid 3.123 with LVS load balancing. The desired production configuration is 3.5.20 with a FortiADC load balancer. I am working with networking staff on the configuration. If I directly connect to the actual proxy server behind the load balancer, I get :
2019/09/24 11:31:46 kid1| PROXY protocol error: invalid header from local= 152.7.114.8:3128 remote=152.7.148.47:65220 FD 16 flags=1 Relevant squid.conf on the server looks like this : acl fortiadc src 10.50.54.0/24 acl fortiadc src 152.7.148.0/24 <----temporary for testing by going directly to the proxy server and not the load balancer proxy_protocol_access allow fortiadc proxy_protocol_access allow localnet follow_x_forwarded_for allow localhost follow_x_forwarded_for allow localnet acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on tproxy_uses_indirect_client off ... http_port 3128 require-proxy-header I have tried adding the following...it appears to make no difference. http_port 127.0.0.1:3128 So, you are saying that v4 does not contain changes to fix the "PROXY protocol error" and my only option at this point is v5 code? (or fall back to using LVS with 3.5.20) Just trying to understand my options. Thanks, Tom On Mon, Sep 23, 2019 at 4:47 PM Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 9/23/19 4:14 PM, Tom Karches wrote: > > > The suggestion was to move to Squid 4 as noted here : > > > http://squid-web-proxy-cache.1019090.n4.nabble.com/error-in-parsing-Proxy-protocol-version-2-by-Squid-proxy-protocol-td4686763.html > > > > This was back in Oct 2018. Has anything changed since then? > > Yes, the changes I mentioned then have been accepted: > > https://github.com/squid-cache/squid/pull/342 > > The above pull request contained lots of PROXY protocol fixes and > several important improvements. Those changes are not in v4, but master > (future v5) code is available and works well for some. YMMV. > > I do not recall any fixes going back into v3, but I did not check. > > Alex. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- Thomas Karches NCSU OIT CSI - Systems Specialist M.E Student - Technology Education Hillsborough 319 / 919.515.5508
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
