Multiple Proxy Server Support in Proxy URL

The Cloud Agent supports multiple proxy servers defined in the Proxy URL. You can include up to five servers.

Each time the Cloud Agent connects to the Qualys Cloud Platform, it always uses the first proxy server in the ordered list.

If the connection using the first proxy server fails, the Cloud Agent tries to the next configured proxy. If the connections using all the configured proxies fail, the Cloud Agent attempts a direct connection to the Qualys Cloud Platform.

You can use a configuration tool to set the proxy order to be sequential or random. The Cloud Agent does not maintain a history of the last proxy server used.

This proxy configuration can be used with the Qualys Gateway Service or third-party proxy servers. The failover proxy servers do not need to be on the same subnet as the first proxy server as long as the Cloud Agent can connect to other proxy servers on other subnets.

Multiple proxies can be configured with qualys_https_proxy or https_proxy environment variables. It is recommended that you provide multiple proxies in the qualys_https_proxy environment variable.

The following example shows how to set multiple proxies:

qualys_https_proxy=”https://[<username>:<password>@]<host1>:<port>; 
https://[<username>:<password>@]<host2>:<port>;https://[<username>:<password>@]<host3>:<port>”

The following snippet shows the multiple proxies without encryption.

The list of proxies must be given in double quotes (“...”) and separated by a semi-colon (;). If the semicolon (;) is embedded in the username/password, you must url-encode it. You can use the Proxy Configuration Encryption Utility to encrypt the user name and/or password that you provide to the proxy environment variable.

The following snippet shows the multiple proxies with encryption.

You can combine multiple proxy certificates into a single file and place it in the same location as earlier: /etc/Qualys/cloud-agent/cert/ca-bundle.crt. Ensure that all certificates are valid; otherwise, you might get SSL/certificate errors.

 You must restart the Cloud Agent after to ensure the updated proxy configuration settings are implemented.