Re: [squid-users] Forward Squid work with AWS ALB

Fri, 12 Sep 2025 11:42:55 -0700 

On 2025-09-11 23:59, Tan Tang Suan (NCS) wrote:
I am running Squid 3.5.20 in AWS as a forward proxy (http_port 3128) to forward client traffic through a firewall to the Internet. 


The proxy works fine when placed behind a Network Load Balancer (NLB). 
However, when I place Squid behind an Application Load Balancer (ALB) on 
port 3128, Squid receives malformed requests and logs the following error:


   ERR_INVALID_URL

   HTTP/400 Bad Request


 From my understanding, this happens because ALB only supports 
HTTP/HTTPS listeners and does not forward raw TCP traffic the way Squid 
expects on port 3128.



That understanding is incorrect: Squid does _not_ expect raw TCP traffic 
on a forward-proxy http_port. Squid expects HTTP traffic instead.



I do not know what kind of HTTP requests your Squid receives, but I 
suspect that your ALB configuration does not match your Squid 
configuration. If ALB supports forward proxies, configure ALB to forward 
traffic to a forward proxy listening at Squid's http_port address.



If you still have problems, consider sharing a sample problematic 
request received at http_port. If you use any optional http_port 
parameters, please share them as well.




You should also plan to upgrade: Squid v3 is very buggy and unsupported 
by Squid Project. However, the basics described about apply to any Squid 
version.



HTH,

Alex.




My questions are:


1. Is there any Squid configuration that can make it compatible with AWS 
ALB (which handles HTTP only), while still operating as a forward proxy?



2. If not, are there recommended approaches to integrate Squid with AWS 
WAF (which requires ALB/CloudFront) so that Squid can still function as 
a forward proxy for outbound client HTTPS traffic?



3. Would switching to reverse proxy mode help in this case, or would 
that break HTTPS CONNECT tunneling?


Environment details:

- Squid 3.5.20

- Deployed in AWS VPC

- Works with NLB, fails with ALB

Thank you for any guidance or suggestions. Hope to hear from you soon.

Thanks and regards,

Tan Tang Suan

Mobile: 96228330


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users






















					Reply via email to