Michael Portz wrote:
My scenario is the following: The original accesses from our LAN hit on the first-level squid. Doing some basic load-balancing the requests are forwarded to several parent-squids. Each of these contact various ICAP-servers for modifications of the request. The problem: several decisions of the ICAP-server should be based on the original clients IP-address. Alas, given the scenario above, it only can be based on the outgoing IP address of the first-level proxy. The configuration option follow_x_forwarded_for does right the thing, but "only" access_control, delay pools and logging are explicitly stated as applications. Does it work for icap, too? Or is something like this in the development queue? The all-over squid version is 3.0.STABLE21. Regards Michael
Strange. 3.0 does not even have a follow_x_forwarded_for option. That was added to Squid-3.1.
The one in 3.1 has several known problems such as the ICAP lack you cite. http://bugs.squid-cache.org/show_bug.cgi?id=2731
I'm hoping to fix XFF by next release. Certainly before it goes stable. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15
