On Wed, 17 Feb 2010 09:49:03 +0000 (WET), Bruno Santos <bvsantos@xxxxxxxxxxxxxxxx> wrote: > X-Copyrighted-Material > > Hi ! > > No, i don't have those enabled. I'm using LDAP auth in squid (although > i've enabled proxy-digest.conf in dansguardian) > > The problem here is the following: > > When the request reaches dansguardian, the machine IP who made the request > is correct. > When dansguardian passes the request to squid, it goes with the local > machine IP (127.0.0.1) and squid denies the request.... > I've been messing around with the following dansguardian options: > forwardedfor, usexforwardedfor and originalip > > Any hints ? > !) This is how software chaining at OSI level-7 works. DG is running on machine at 127.0.0.1, therefore requests coming to Squid are arriving from ... With "follow_x_forwarded_for" set in Squid to trust DG on 127.0.0.1 and DG adding the XFF header properly Squid should be able to locate the real client IP in there and use that according to all the *_uses_indirect_client config settings. Amos