[squid-users] X-Forwarded-For + Squid Version 3.0.STABLE8

From: Pieter De Wit <pieter_at_insync.za.net>
Date: Mon, 21 Feb 2011 12:16:46 +1300 (NZDT)

Hi Guys,

I run a reverse proxy for a client. They are using XFF for restricting
certain content to IP.

We have noted that the following doesn't "appear" to work as it should:

header_replace X-Forwarded-For allow all

My understanding is that this will cause squid to replace the XFF header
with it's own "client IP" ?

I see there is various answers about this on the internet so I would like
to know which one applies to this setup.

Here is some more details on the proxy chain:

client -> proxy1 -> proxy2 -> origin web server

Proxy 1 should replace the XFF header no matter what, so that if "client"
is behind a proxy, it doesn't matter.

Proxy 2 should just pass the header as per normal, it doesn't matter if it
adds an IP to the header.

I am looking at replacing these boxes with Debian 6 boxes over the next
week or so, but would really like to nail this one now :)

Thanks,

Pieter
Received on Sun Feb 20 2011 - 23:16:51 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 21 2011 - 12:00:02 MST