git.ipfire.org Git - thirdparty/squid.git/commit

Support receiving PROXY protocol version 1 and 2.

PROXY protocol has been developed by Willy Tarreau of HAProxy for
communicating original src and dst IP:port details between proxies and
load balancers in a protocol-agnostic way.

stunnel, HAProxy and some other HTTP proxying software are already
enabled and by adding support to Squid we can effectively chain these
proxies without having to rely on X-Forwarded-For headers.

This patch adds http_port mode flag (require-proxy-header) to signal the
protocol is in use, parsing and processing logics for the PROXY protocol
headers on new connections, and the proxy_protocol_access control to
manage inbound connections.
The indirect client security/trust model remains unchanged. As do all
HTTP related logics on the connection once PROXY protocol header has
been received.

Furture Work:
* support sending PROXY protocol to cache_peers
* support receiving PROXY protocol on https_port
* rework the PROXY parse logics as a Parser-NG child parser.

author	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 2 Sep 2014 13:35:46 +0000 (06:35 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 2 Sep 2014 13:35:46 +0000 (06:35 -0700)
commit	6e96d41538a60ced489d2d3e226117768d0ceaba
tree	19595f4f0147bdeabfa965f5ede89132e3fffe6e	tree \| snapshot
parent	96ddf779c38f88ddd0437e8a57c1b3f69164df5e	commit \| diff
parent	d2ac5c4db884e53ed7ba49848b7d289e075ff5ce	commit \| diff

doc/release-notes/release-3.5.sgml	diff1 \|	diff2 \|	blob \| history
src/client_side.cc	diff1 \|	diff2 \|	blob \| history