Multi Proxy Configuration

The Cloud Agent supports multiple proxy servers defined in the Proxy URL. During the configuration, you can add up to 5 proxy servers to the URL. Each time the Cloud Agent connects to the Qualys Platform, it always uses the first proxy server in the ordered list.

If the connection using the first proxy server fails, the Cloud Agent will failover to the next configured proxy in case of http failures. If the connections using all the configured proxies fail, the Cloud Agent attempts a direct connection to the Qualys Cloud Platform.

Set the ProxyFailOpen parameter to 1 to activate this feature on the newly installed Cloud Agents.

You can use the Configuration Tool to set the proxy order to be sequential or random. The Cloud Agent does not maintain a history of the last proxy server used.

This proxy configuration can be used with the Qualys Gateway Service or third-party proxy servers. The failover proxy servers do not need to be on the same subnet as the first proxy server; as long as the Cloud Agent can connect to other proxy servers on other subnets, the agent will use those proxy server(s) if the first proxy server is not available.

You can configure multiple proxies in any of the files mentioned in the Options for Proxy Configuration section.

Multiple proxies can be configured with qualys_https_proxy or https_proxy environment variables. It is recommended that you provide multiple proxies in the qualys_https_proxy environment variable.

The following example shows how to set multiple proxies:

qualys_https_proxy=”https://[<username>:<password>@]<host1>:<port>;
https://[<username>:<password>@]<host2>:<port>; https://[<username>:<password>@]<host3>:<port>”

The list of proxies must be given in double quotes (“...”) and separated by a semi-colon (;). If ";" is embedded in username/password, you must URL-encode it. You can use the Proxy Encryption Utility to encrypt the username and/or password that you provide to the proxy environment variable.

You can combine multiple proxy certificates into a single file and place it in the same location as earlier /etc/Qualys/cloud-agent/cert/ca-bundle.crt. Ensure that all certificates are valid, or you might get SSL/certificate errors.

 Restart the Cloud Agent to apply the updated proxy server settings.