How to make Squid work with AWS ALB instead of NLB

Hello Squid Users,

I am running Squid 3.5.20 in AWS as a forward proxy (http_port 3128) to forward client traffic through a firewall to the Internet.

The proxy works fine when placed behind a Network Load Balancer (NLB). However, when I place Squid behind an Application Load Balancer (ALB) on port 3128, Squid receives malformed requests and logs the following error:

ERR_INVALID_URL
HTTP/400 Bad Request

From my understanding, this happens because ALB only supports HTTP/HTTPS listeners and does not forward raw TCP traffic the way Squid expects on port 3128.

My questions are:

  1. Is there any Squid configuration that can make it compatible with AWS ALB (which handles HTTP only), while still operating as a forward proxy?
  2. If not, are there recommended approaches to integrate Squid with AWS WAF (which requires ALB/CloudFront) so that Squid can still function as a forward proxy for outbound client HTTPS traffic?
  3. Would switching to reverse proxy mode help in this case, or would that break HTTPS CONNECT tunneling?

Environment details:

  • Squid 3.5.20
  • Deployed in AWS VPC
  • Works with NLB, fails with ALB

Thank you for any guidance or suggestions.

Best regards,

TS

It is not possible to run Squid in forward proxy mode behind an AWS Application Load Balancer (ALB) while retaining full HTTP/HTTPS proxy functionality, because ALB only supports Layer 7 (HTTP/HTTPS) listeners and does not forward the raw TCP traffic required for CONNECT tunneling and direct proxy requests.
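
As an added illustration (not part of the original thread, and not Squid or AWS code), the Python sketch below classifies request lines by RFC 7230 request-target form, which helps when checking a capture taken on port 3128 to see whether what reaches Squid is still in the form a client sends to a forward proxy. The function names and the sample request lines are constructed for this example.

```python
# Added example: classify HTTP/1.x request lines by request-target form
# (RFC 7230 section 5.3). Names and sample lines are constructed.

def target_form(method, target):
    """Return the request-target form name, or 'invalid'."""
    if target == "*":
        return "asterisk-form"
    if target.startswith("/"):
        return "origin-form"          # path only: no scheme, no host
    scheme, sep, rest = target.partition("://")
    if sep and scheme[:1].isalpha() and rest and not rest.startswith("/"):
        return "absolute-form"        # full URL, as sent to a forward proxy
    if method == "CONNECT":
        host, colon, port = target.rpartition(":")
        if colon and host and port.isascii() and port.isdigit() \
                and 0 < int(port) < 65536:
            return "authority-form"   # host:port, used to open a tunnel
    return "invalid"


def classify(request_line):
    """Return (form, is_proxy_form) for one request line."""
    fields = request_line.strip().split(" ")
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        return ("invalid", False)
    method, target, _version = fields
    form = target_form(method, target)
    # A client talking to a forward proxy sends authority-form with CONNECT
    # and absolute-form with every other method.
    wanted = "authority-form" if method == "CONNECT" else "absolute-form"
    return (form, form == wanted)


def non_proxy_lines(lines):
    """Return (line, form) for every line that is not in proxy form."""
    return [(l, classify(l)[0]) for l in lines if not classify(l)[1]]


# Constructed sample request lines, not taken from the thread.
SAMPLE = [
    "GET http://example.com/index.html HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
    "GET /index.html HTTP/1.1",
    "CONNECT http://example.com/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", classify(line))
```

An origin-form line such as `GET /index.html HTTP/1.1` carries no scheme or host in its target, so a forward proxy has no URL to forward it to.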