When a request passes through a chain
of one or more other proxies before reaching Squid, we sometimes
want to examine the X-Forwarded-For headers to find the IP address
of the original (or indirect) client, and use the indirect client address
in access controls, delay pools and logs.
Contents
- This project's entry
in the squid projects page.
- Automatically generated patch
relative to the latest sources.
- This patch is relative to the squid-3 development "HEAD"
in the cvs.devel.squid-cache.org repository.
- This patch changes the "configure.in" file, which is an input to
"autoconf". You must run "bootstrap.sh" after applying this
patch, and that will run "autoconf" for you. "autoconf" will
generate a new "configure" script, which will have the new
"--enable-follow-x-forwarded-for" option.
- Patch relative to squid-2.5 branch.
- Date of most recent change: 2003-11-23
- This patch is relative to the s2_5 branch in the
cvs.devel.squid-cache.org repository on the above date.
- This patch changes the "configure.in" file, which is an input to
"autoconf". You must run "bootstrap.sh" after applying this
patch, and that will run "autoconf" for you. "autoconf" will
generate a new "configure" script, which will have the new
"--enable-follow-x-forwarded-for" option.
- Old patch relative to squid-2.4 branch.
- Date of most recent change: 2002-11-19.
- This patch is relative to squid-2.4.STABLE6.
- This patch does not change the "configure.in" file, and does
not add any new options to the "configure" script. Instead, it
adds "#define FOLLOW_X_FORWARDED_FOR 1" to the "autoconf.h.in"
file, which is an output from "autoconf" and an input to the
"configure" script. You may run "autoconf" before applying this
patch, if necessary; and you should run "configure" after aplying
this patch; but you should not run "autoconf" after aplying this
patch, because autoconf will undo the change to "autoconf.h.in".
Configuration example
The following lines in the squid configuration file (typically
"squid.conf") tell squid that the X-Forwarded-For header can be trusted
in requests from IP address 127.0.0.1 and from any host in the domain
proxy.example.com. The information from the X-Forwarded-For header, if
any, will be used instead of the direct client address for the purposes
of ACLs, delay pools and logging.
acl localhost src 127.0.0.1
acl my_other_proxy srcdomain .proxy.example.com
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow my_other_proxy
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
$Id: index.html,v 1.2 2003/11/23 14:29:19 apbarrett Exp $