Hi Amos, Thanks for your detailed explanation with config. Now i can see the XFF IP as a source IP in access log and could block the users from this.
Thanks a lot. Regards, Sekar On Mon, Apr 2, 2012 at 7:23 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote: >> >> This will allow XFF header from the LB requests to squid. How to block >> the original users in squid with the XFF information? >> >> I mean the ACL configuration please... > > > Exactly as you would if the clients had connected to Squid directly. Using > the "src" ACL type. > > I'm not sure what your confusion is. Have you added the > follow_x_forwarded_for rules yet and seen what they do? > > >> >> This is the purpose of XFF header and the follow_x_forwarded_for >> directive. >> >> This config: >> acl LB src<your LB IP address> >> follow_x_forwarded_for allow LB >> follow_x_forwarded_for deny all >> >> With the LB setting the XFF header correctly the above will make Squid >> see >> and use the IP of clients on other side of the LB. >> >> Amos > >
