On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
> Hello All,
>
> Can create an ACL based on XFF?
Yes.
Now what do you mean by "based on"?
> Since the squid placed after the loadbancer, it will send the XFF and
> LB ip as source ip for all the request. So I want to put ACL based on
> XFF.
>
> Is this possible?
This is the purpose of XFF header and the follow_x_forwarded_for directive.
This config:
acl LB src <your LB IP address>
follow_x_forwarded_for allow LB
follow_x_forwarded_for deny all
With the LB setting the XFF header correctly the above will make Squid
see and use the IP of clients on other side of the LB.
Amos
Received on Mon Apr 02 2012 - 07:33:50 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 02 2012 - 12:00:02 MDT