Follow X-Forwarded-For headers

When a request passes through a chain of one or more other proxies before reaching Squid, we sometimes want to examine the X-Forwarded-For headers to find the IP address of the original (or indirect) client, and use the indirect client address in access controls, delay pools and logs.


Contents

Configuration example

The following lines in the squid configuration file (typically "squid.conf") tell squid that the X-Forwarded-For header can be trusted in requests from IP address 127.0.0.1 and from any host in the domain proxy.example.com. The information from the X-Forwarded-For header, if any, will be used instead of the direct client address for the purposes of ACLs, delay pools and logging.

acl localhost src 127.0.0.1
acl my_other_proxy srcdomain .proxy.example.com
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow my_other_proxy
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on

Squid Now! Cache Now! Valid HTML 4.0! SourceForge
$Id: index.html,v 1.2 2003/11/23 14:29:19 apbarrett Exp $