On Fri, 2008-03-14 at 16:28 -0400, saul waizer wrote: > Recompile squid with this option if you haven't done it so far " > --enable-follow-x-forwarded-for" > > Add these lines to your squid.conf: > > forwarded_for on > follow_x_forwarded_for allow all No, this is a quite different thing. This makes Squid pick up the client IP from those headers added by Squid, for use in Squid's access controls, logging etc. The X-Forwarded-For header is always added by Squid unless you explicitly disable it. To make use of the header you need to configure your web application to look for the header instead of the source IP (HTTP_X_FORWARDED_FOR instead of REMOTE_ADDRESS in terms of CGI, but beware of significant syntax differences in the data). With Squid-2.6 & later it IS possible to install Squid in a manner that the original client IP is fully transparent. This requires that Squid is running on the router/gateway between the clients and your web server (or a complex wccp or policy routing setup making the routers divert all such traffic via the proxy), and that Squid is running on an Linux server patched with TPROXY support. Regards Henrik
