Load balance squid forward proxy with SNAT
Hi All, Obligatory first post thank you to everyone on Devcentral, This is by far the best vendor help site... thanks to Joe Pruitt its also a wicked Powershell wiki ;)
Is anyone load balancing squid in the following way, and have you ever ran into issues with the HTTPS CONNECT method through a "standard" F5 VIP with http profile enabled? I've read of issues for pre 10.x software but haven't seen any problems thus far. Retaining the ability to apply irules is ideal.
Load balanced pool of squid servers running in non-transparent mode, this is behind a VIP using SNAT. To ensure our squid ACL's still work behind SNAT the following needs to be added to squid.conf
acl bigip_stage src 10.26.6.1
follow_x_forwarded_for allow bigip_stage
Squid by default follows the indirect IP instead of real IP (if follow_x_forwarded_for is allowed for the client address
- Irule adds XFF or overwrites if already present.
- No persistence configured
- BigIP Version: 11.4
Thanks for the assistance