howard chen wrote:
Hi,

This is my current setup using squid3 as a reverse proxy:

browser (e.g. 202.182.201.3) <----> squid3 stable6 <----> apache 1.3.37 (PHP)

My PHP gets the user IP from the HTTP_X_FORWARDED_FOR ENV variable. (setting in squid.conf: forwarded_for on)

There are 2 cases:

1. Normal case: my program can get the real IP of "202.182.201.3"
2. Cheating case: if the user sends a request that already contains a header of "X_FORWARDED_FOR", my program will be cheated by the client and the IP can be anything specified by the client.

Now, my idea is to block the request header, e.g.

request_header_access X_FORWARDED_FOR deny all

But it ends up with:

parse_http_header_access: unknown header name 'X_FORWARDED_FOR'

So any idea for my case?

request_header_access X-Forwarded-For deny all

Note mixed-case HTTP name, not the PHP internal variable name.

Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
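
A backend-side check for the "cheating case" in this thread, added here as an example and not written by either poster: with forwarded_for on, Squid appends the address it saw to any X-Forwarded-For header the client sent, so only the last entry is trustworthy, and only when the request reached Apache from the proxy. The proxy address 192.0.2.10, the function name client_ip() and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: 192.0.2.10 is a placeholder for the address Apache sees Squid connect from.
const TRUSTED_PROXIES = ['192.0.2.10'];

// Return the client address for a request described by a $_SERVER-style array.
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // A request that did not come through the proxy cannot vouch for any header.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }

    // PHP exposes the "X-Forwarded-For" request header as HTTP_X_FORWARDED_FOR.
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_values(array_filter(array_map('trim', explode(',', $xff)), 'strlen'));
    if ($hops === []) {
        return $peer;
    }

    // Squid appends to the list, so everything left of the last entry is
    // client-supplied. Take the last entry and ignore the rest.
    $candidate = end($hops);

    // Reject non-addresses (for example the literal "unknown").
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

// Constructed sample requests (not captured traffic).
$samples = [
    'normal'  => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '202.182.201.3'],
    'spoofed' => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '10.1.1.1, 202.182.201.3'],
    'direct'  => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '10.1.1.1'],
    'unknown' => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => 'unknown'],
];

foreach ($samples as $name => $server) {
    printf("%-8s => %s\n", $name, client_ip($server));
}
```

In production the call would be client_ip($_SERVER); the 'direct' sample shows why the header is ignored when the peer is not the proxy.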