On Mon, 15 Mar 2010 12:15:49 -0500, "Baird, Josh" <jbaird_at_follett.com>
wrote:
> Ok, that sort of worked. I have a pair of load balancers sitting in
> front of my Squid proxy farm. The load balancers insert the
> X-Forwarded-For header into each HTTP request which allows Squid to log
> their connections using their real client source IP (extracted from
> X-Forwarded-For). In reality, the connections to the squid servers are
> being made directly from the load balancers.
>
> When I use log_access to deny logging to the load balancer's IP
> addresses, -nothing- gets logged to access_log. I am attempting to not
> log the "health HTTP checks" from 10.26.100.130/10.26.100.131 but still
> log the other traffic. It doesn't seem that log_access is
> X-Forwarded-For aware? Any ideas?
>
> acl loadbalancers src 10.26.100.130/255.255.255.255
> acl loadbalancers src 10.26.100.131/255.255.255.255
> log_access deny !loadbalancers
Ah, you will require these as well:
# to trust what the load balancers report for XFF
follow_x_forwarded_for allow loadbalancers
# to use the XFF details in the logs
log_uses_indirect_client on
# to use the XFF details in ACL tests
# telling loadbalancer generated requests from relayed
acl_uses_indirect_client on
Amos
Received on Mon Mar 15 2010 - 23:52:01 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 16 2010 - 12:00:03 MDT