Hi Amos,
Thanks for your detailed explanation with config. Now i can see the
XFF IP as a source IP in access log and could block the users from
this.
Thanks a lot.
Regards,
Sekar
On Mon, Apr 2, 2012 at 7:23 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote:
>>
>> This will allow XFF header from the LB requests to squid. How to block
>> the original users in squid with the XFF information?
>>
>> I mean the ACL configuration please...
>
>
> Exactly as you would if the clients had connected to Squid directly. Using
> the "src" ACL type.
>
> I'm not sure what your confusion is. Have you added the
> follow_x_forwarded_for rules yet and seen what they do?
>
>
>>
>> This is the purpose of XFF header and the follow_x_forwarded_for
>> directive.
>>
>> This config:
>> acl LB src<your LB IP address>
>> follow_x_forwarded_for allow LB
>> follow_x_forwarded_for deny all
>>
>> With the LB setting the XFF header correctly the above will make Squid
>> see
>> and use the IP of clients on other side of the LB.
>>
>> Amos
>
>
Received on Tue Apr 03 2012 - 12:45:09 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 03 2012 - 12:00:02 MDT