|
Search squid archive
|
|
Re: ACL based on XFF | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Hi Amos, Thanks for your detailed explanation with config. Now i can see the XFF IP as a source IP in access log and could block the users from this. Thanks a lot. Regards, Sekar On Mon, Apr 2, 2012 at 7:23 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote: >> >> This will allow XFF header from the LB requests to squid. How to block >> the original users in squid with the XFF information? >> >> I mean the ACL configuration please... > > > Exactly as you would if the clients had connected to Squid directly. Using > the "src" ACL type. > > I'm not sure what your confusion is. Have you added the > follow_x_forwarded_for rules yet and seen what they do? > > >> >> This is the purpose of XFF header and the follow_x_forwarded_for >> directive. >> >> This config: >> acl LB src<your LB IP address> >> follow_x_forwarded_for allow LB >> follow_x_forwarded_for deny all >> >> With the LB setting the XFF header correctly the above will make Squid >> see >> and use the IP of clients on other side of the LB. >> >> Amos > >
[Linux Audio Users] [Photo] [Yosemite News] [Samba] [Video Projectors] [Video Devices] [Big List of Linux Books] [LCD TVs] [Webcams] [Linux USB]
|