Re: [squid-users] acl and upstream proxy, X-Forwarded-For header

From: Henrik Nordstrom <[email protected]>
Date: Mon, 26 Jan 2004 00:36:40 +0100 (CET)

On Sun, 25 Jan 2004, Florian Effenberger wrote:

> When using ACLs that set access controls on an IP basis - which IP counts?
> The one from the querying host (in this case another proxy that queries
> Squid) or is the X-Forwarded-For header used?

Squid does not use the X-Forwarded-For header, unless you use it in an
external acl.

If using custom log formats then the header may also be logged.

> My problem is that I fear that cannot use any ACLs if Squid is not the first
> proxy in the row, but the second one.

There is two options here

a) Build an external acl using the X-Forwarded-For header as input.

b) The follow_xff patch from http://devel.squid-cache.org/

Regards
Henrik
Received on Sun Jan 25 2004 - 16:36:44 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:08 MST