Hello Stefan,
Thank you for your question, and I hope that we have an AWS expert in this community who may answer your question better.
I am no AWS expert; however, looking at the questions you have, here are some ideas.
- Are there any documents providing detailed configuration of ELB (ALB/NLB) in support of AWS based Blue Coat Proxy SGs
Answer: All of the documentation available for the proxy in AWS is in the Proxy in AWS Deployment Guide. There are recommended configuration steps.
- To be installed in HA (dual AZ) mode
Answer: Based on the documentation from our end, the way to sort of get to HA is to have two or more proxies in the same AWS load balancing group. Once the AWS load balancer detects that one instance of the proxy is down, the AWS LB will not send traffic to that proxy instance until the proxy is back online.
Also, per the AWS documentation, the dual AZ mode is more for database load balancing. I am not sure that an instance of the proxy running in AWS would qualify as an instance of the database, but again, no AWS expert.
- Allow "by-pass", for systems unable to support authentication, maybe via X-Forwarded-For / preservation of source IP
Answer: If by saying "by-pass" you mean disabled authentication using a policy based on the XFF header, then yes, that is possible, as long as someone downstream from the proxy is actually injecting the XFF header into every HTTP and HTTPS request before that request makes it to the proxy. Then the proxy can see the XFF header and apply a policy based on it.
I hope the above helps a bit and does not bring more confusion to the table. Again, sorry, no AWS expert, just trying to help.
Slava
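
An added example, not part of the post above and not Blue Coat or AWS code: a Python model of the decision an XFF-based authentication bypass rests on, where the header is honoured only when the connection comes from the load balancer. The subnets are constructed sample values, and it assumes the load balancer appends the address it saw as the right-most XFF entry.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post).
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.1.0/24")]       # subnets of the load balancer nodes
AUTH_BYPASS_NETS = [ipaddress.ip_network("192.168.50.0/28")]  # systems that cannot authenticate


def _in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def effective_client_ip(peer_ip, xff_header):
    """Return the client address that policy should be evaluated against.

    The XFF header is honoured only when the TCP peer is a trusted load
    balancer; from any other peer the header is client-controlled input.
    Only the right-most entry is used, because entries to its left were
    already present when the request reached the load balancer.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not xff_header or not _in_any(peer, TRUSTED_LB_NETS):
        return peer
    last_hop = xff_header.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last_hop)
    except ValueError:
        return peer  # malformed header: fall back to the connection address


def requires_authentication(peer_ip, xff_header):
    """Authentication is skipped only for effective clients on the bypass list."""
    client = effective_client_ip(peer_ip, xff_header)
    return not _in_any(client, AUTH_BYPASS_NETS)
```

A request that reaches the proxy without passing through the load balancer, or that carries a forged left-most XFF entry, is still required to authenticate.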