On 22/06/2014 5:15 p.m., Amos Jeffries wrote:
> Support receiving PROXY protocol version 1 and 2.
>
> PROXY protocol has been developed by Willy Tarreau of HAProxy for
> communicating original src and dst IP:port details between proxies and
> load balancers in a protocol-agnostic way.
>
> stunnel, HAProxy and some other HTTP proxying software are already
> enabled and by adding support to Squid we can effectively chain these
> proxies without having to rely on X-Forwarded-For headers.
>
> This patch adds http(s)_port mode flag (proxy-surrogate) to signal the
> protocol is in use, parsing and processing logics for the PROXY protocol
> headers on new connections, and extends the follow_x_forwarded_for
> (renamed proxy_forwarded_access) access control to manage inbound
> connections.
> The indirect client security/trust model remains unchanged. As do all
> HTTP related logics on the connection once PROXY protocol header has
> been received.
>
>
> Furture Work:
> * support sending PROXY protocol to cache_peers
> * rework the PROXY parse logics as a Parser-NG child parser.
>
> Amos
>
So on the table the question of the http_port option name (and derived
from that the *_access control name).
The contenders so far:
proxy
surrogate [1]
proxy-surrogate [1]
require-PROXY
expect-PROXY [2]
require-PROXY-header
expect-PROXY-header [2]
forwarded [3]
proxy-forwarded [3]
haproxy-protocol[4]
indirect-client
[1] potential naming confusion with Surrogate protocol HTTP extension.
And Alex objects that it means "nothing" in this squid context.
[2] potential naming confusion with "explicit proxy" terminology
[3] potential naming confusion with "forward proxy" terminology
[4] free advertising for the competition
At this stage it looks like Alexs' "require-proxy-header" is front
runner for relevance. Probably with "indirect_client" for the access
control.
Does anyone else have optin names or even just words to throw into the mix?
Amos
Received on Sat Jul 26 2014 - 08:57:36 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 30 2014 - 12:00:11 MDT