Squid Proxy behind a Load Balancer on AWS


Squid is proxy software that allows a computer without internet access to reach the internet through another computer that does have access.

Squid is very easy to set up: the computer that needs internet access only has to set the environment variables HTTP_PROXY and HTTPS_PROXY to http://squid.ip.address:3128/

The complication arises when you need a Squid instance (running on an EC2 instance) to sit behind an AWS load balancer. This is usually done for reasons such as service redundancy, uptime guarantees or mitigating the impact of maintenance schedules.

Unfortunately, if you try to place an Application Load Balancer (the default?), which uses HTTP, in front of Squid, the hostname is stripped out of all request headers sent to Squid. You will end up with an error 400 and a message saying INVALID_URL=0.

This means you are forced to use a TCP Load Balancer instead. The complication, however, is that TCP Load Balancers don't work out of the box as expected.

The trick here is to use an AWS Classic Load Balancer on TCP 3128 to TCP 3128. If you use a standard TCP balancer, it just times out, and if you use an HTTP (ALB) balancer, it will strip the hostname in the GET requests.
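
To tell the three outcomes described above apart when testing a balancer in front of Squid, a small probe can send the kind of request a client using HTTP_PROXY sends and classify the reply. This is an added example, not code from the original post; the function names, the result labels and the example.com target are assumptions made for illustration.

```python
import socket


def build_request(target_host, path="/"):
    """Forward-proxy request: full URL in the request line, as HTTP_PROXY clients send it."""
    return (f"GET http://{target_host}{path} HTTP/1.1\r\n"
            f"Host: {target_host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def classify(raw):
    """Map the first bytes of the reply (None means timeout) to one of the post's cases."""
    if raw is None:
        return "timeout"        # the post's standard TCP balancer case
    if not raw:
        return "closed"         # connection accepted, then dropped without a reply
    parts = raw.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "not-http"       # something other than an HTTP proxy answered
    status = int(parts[1])
    if status == 400:
        return "bad-request"    # the post's ALB case: error 400 from Squid
    return f"proxied:{status}"  # Squid accepted the request and relayed a status


def probe(proxy_host, proxy_port=3128, target_host="example.com", timeout=5.0):
    """Send one proxy request to the balancer address and classify what comes back."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(build_request(target_host))
            raw = s.recv(4096)
    except socket.timeout:
        return classify(None)
    except OSError as exc:
        return f"connect-error:{exc.__class__.__name__}"
    return classify(raw)


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <load-balancer-dns-name>
    print(probe(sys.argv[1]))
```

A result of proxied:200 through the balancer address means the Classic Load Balancer listener on TCP 3128 is passing requests to Squid unmodified.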

Andrew