Re: [PATCH] Support PROXY protocol

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 26 Jul 2014 20:57:14 +1200

On 22/06/2014 5:15 p.m., Amos Jeffries wrote:
> Support receiving PROXY protocol version 1 and 2.
>
> PROXY protocol has been developed by Willy Tarreau of HAProxy for
> communicating original src and dst IP:port details between proxies and
> load balancers in a protocol-agnostic way.
>
> stunnel, HAProxy and some other HTTP proxying software are already
> enabled and by adding support to Squid we can effectively chain these
> proxies without having to rely on X-Forwarded-For headers.
>
> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
> protocol is in use, parsing and processing logics for the PROXY protocol
> headers on new connections, and extends the follow_x_forwarded_for
> (renamed proxy_forwarded_access) access control to manage inbound
> connections.
> The indirect client security/trust model remains unchanged. As do all
> HTTP related logics on the connection once PROXY protocol header has
> been received.
>
>
> Future Work:
> * support sending PROXY protocol to cache_peers
> * rework the PROXY parse logics as a Parser-NG child parser.
>
> Amos
>

So on the table is the question of the http_port option name (and, derived
from that, the *_access control name).

The contenders so far:

  proxy
  surrogate [1]
  proxy-surrogate [1]
  require-PROXY
  expect-PROXY [2]
  require-PROXY-header
  expect-PROXY-header [2]
  forwarded [3]
  proxy-forwarded [3]
  haproxy-protocol [4]
  indirect-client

[1] potential naming confusion with Surrogate protocol HTTP extension.
And Alex objects that it means "nothing" in this squid context.

[2] potential naming confusion with "explicit proxy" terminology

[3] potential naming confusion with "forward proxy" terminology

[4] free advertising for the competition

At this stage it looks like Alex's "require-proxy-header" is front
runner for relevance. Probably with "indirect_client" for the access
control.

Does anyone else have option names or even just words to throw into the mix?

Amos
Received on Sat Jul 26 2014 - 08:57:36 MDT
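
The receiving side summarised in the quoted patch description, sketched for PROXY protocol version 1 only. This is an added example, not part of the thread and not Squid's code. The names `parse_v1`, `effective_client` and `TRUSTED_UPSTREAMS`, the allowlist contents, and the choice to reject untrusted peers outright are assumptions of the example.

```python
import ipaddress

V1_MAX = 107  # longest version 1 header, CRLF included, per the PROXY spec
# Constructed allowlist (assumption): the only peers allowed to send PROXY.
TRUSTED_UPSTREAMS = [ipaddress.ip_network("192.0.2.0/28")]


class ProxyHeaderError(ValueError):
    """Raised when the connection must be dropped instead of parsed as HTTP."""


def parse_v1(buf: bytes):
    """Return (src, sport, dst, dport, consumed); the first four are None for UNKNOWN."""
    end = buf.find(b"\r\n", 0, V1_MAX)  # CRLF must fall inside the size limit
    if not buf.startswith(b"PROXY ") or end < 0:
        raise ProxyHeaderError("missing or over-long PROXY v1 header")
    try:
        fields = buf[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("non-ASCII byte in header") from exc
    if fields[1] == "UNKNOWN":  # sender could not supply addresses
        return None, None, None, None, end + 2
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("malformed PROXY v1 header")
    try:
        src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    except ValueError as exc:
        raise ProxyHeaderError(str(exc)) from exc
    family = 4 if fields[1] == "TCP4" else 6
    if src.version != family or dst.version != family:
        raise ProxyHeaderError("address family does not match " + fields[1])
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ProxyHeaderError("bad port")
    return src, int(fields[4]), dst, int(fields[5]), end + 2


def effective_client(peer_ip: str, buf: bytes):
    """Return (client address for ACLs and logs, header bytes to skip)."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_UPSTREAMS):
        # Anyone who can reach the port could otherwise claim any source IP.
        raise ProxyHeaderError("PROXY header from untrusted peer")
    src, _sport, _dst, _dport, consumed = parse_v1(buf)
    return (str(src) if src is not None else peer_ip), consumed
```

The trust check runs before any header byte is parsed, so a peer outside the allowlist never gets to influence the address that later access controls and logs see.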
