Re: [squid-users] ACL based on XFF

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 02 Apr 2012 19:33:45 +1200

On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
> Hello All,
>
> Can I create an ACL based on XFF?

Yes.

Now what do you mean by "based on"?

> Since Squid is placed after the load balancer, it will send the XFF and
> LB IP as source IP for all the requests. So I want to put an ACL based on
> XFF.
>
> Is this possible?

This is the purpose of the XFF header and the follow_x_forwarded_for directive.

This config:
   acl LB src <your LB IP address>
   follow_x_forwarded_for allow LB
   follow_x_forwarded_for deny all

With the LB setting the XFF header correctly, the above will make Squid
see and use the IP of clients on the other side of the LB.

Amos
Received on Mon Apr 02 2012 - 07:33:50 MDT
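
Added illustration, not part of the original message and not Squid's own code: a simplified Python model of the right-to-left walk that follow_x_forwarded_for performs, showing why the header is followed only when the request arrives from the LB. The function name, the stop-on-malformed-entry choice and all addresses (documentation ranges) are assumptions made for this example.

```python
import ipaddress

def effective_client(peer_ip, xff_header, trusted_nets):
    """Return the address that src ACLs should be evaluated against.

    peer_ip      -- TCP source address of the connection (the LB, or a direct client)
    xff_header   -- raw X-Forwarded-For value, possibly empty
    trusted_nets -- networks allowed to have their XFF followed ("acl LB src ...")
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    current = ipaddress.ip_address(peer_ip)
    # The rightmost entry was appended by the nearest proxy, so walk right to
    # left and step back only while the address we stand on is trusted.
    while hops and any(current in net for net in trusted):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)

# Constructed sample data.
LB = ["192.0.2.10/32"]

def demo():
    cases = [
        # (peer, X-Forwarded-For, note)
        ("192.0.2.10", "198.51.100.7", "normal request via LB"),
        ("192.0.2.10", "10.0.0.1, 198.51.100.7", "client pre-set its own XFF"),
        ("203.0.113.5", "10.0.0.1", "direct connection bypassing LB"),
        ("192.0.2.10", "", "LB sent no XFF"),
    ]
    return [(note, effective_client(peer, xff, LB)) for peer, xff, note in cases]

if __name__ == "__main__":
    for note, addr in demo():
        print(f"{note:32s} -> {addr}")
```

In the second and third cases the forged 10.0.0.1 entry is never used: the walk stops at the first address that is not the LB, which is the effect of "follow_x_forwarded_for deny all" after the allow line.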
