Hi Guys,
I run a reverse proxy for a client. They are using XFF for restricting
certain content to IP.
We have noted that the following doesn't "appear" to work as it should:
header_replace X-Forwarded-For allow all
My understanding is that this will cause squid to replace the XFF header
with it's own "client IP" ?
I see there is various answers about this on the internet so I would like
to know which one applies to this setup.
Here is some more details on the proxy chain:
client -> proxy1 -> proxy2 -> origin web server
Proxy 1 should replace the XFF header no matter what, so that if "client"
is behind a proxy, it doesn't matter.
Proxy 2 should just pass the header as per normal, it doesn't matter if it
adds an IP to the header.
I am looking at replacing these boxes with Debian 6 boxes over the next
week or so, but would really like to nail this one now :)
Thanks,
Pieter
