RE: [squid-users] Reverse proxy IP not passing through

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 17 Mar 2008 00:19:08 +0100

On Fri, 2008-03-14 at 16:28 -0400, saul waizer wrote:

> Recompile squid with this option if you haven't done it so far "
> --enable-follow-x-forwarded-for"
>
> Add these lines to your squid.conf:
>
> forwarded_for on
> follow_x_forwarded_for allow all

No, this is a quite different thing. This makes Squid pick up the client
IP from those headers added by Squid, for use in Squid's access
controls, logging etc.

The X-Forwarded-For header is always added by Squid unless you
explicitly disable it. To make use of the header you need to configure
your web application to look for the header instead of the source IP
(HTTP_X_FORWARDED_FOR instead of REMOTE_ADDRESS in terms of CGI, but
beware of significant syntax differences in the data).

With Squid-2.6 & later it IS possible to install Squid in a manner that
the original client IP is fully transparent. This requires that Squid is
running on the router/gateway between the clients and your web server
(or a complex wccp or policy routing setup making the routers divert all
such traffic via the proxy), and that Squid is running on an Linux
server patched with TPROXY support.

Regards
Henrik
Received on Sun Mar 16 2008 - 17:19:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT