Re: [squid-users] Why is follow_x_forwarded_for not used for ICAP ? Or is it?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 19 Jan 2010 21:06:01 +1300

Michael Portz wrote:
> My scenario is the following:
>
> The original accesses from our LAN hit on the first-level squid.
> Doing some basic load-balancing the requests are forwarded to several
> parent-squids. Each of these contact various ICAP-servers for
> modifications of the request.
>
> The problem: several decisions of the ICAP-server should be based on
> the original clients IP-address. Alas, given the scenario above, it
> only can be based on the outgoing IP address of the first-level
> proxy. The configuration option follow_x_forwarded_for does right the
> thing, but "only" access_control, delay pools and logging are
> explicitly stated as applications. Does it work for icap, too? Or is
> something like this in the development queue?
>
> The all-over squid version is 3.0.STABLE21.
>
> Regards Michael

Strange. 3.0 does not even have a follow_x_forwarded_for option. That
was added to Squid-3.1.

The one in 3.1 has several known problems such as the ICAP lack you
cite. http://bugs.squid-cache.org/show_bug.cgi?id=2731
I'm hoping to fix XFF by next release. Certainly before it goes stable.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15
Received on Tue Jan 19 2010 - 08:06:39 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 19 2010 - 12:00:03 MST