Hi Peter, I've seen similar issues with Bluecoat boxes in the past, whereby Squid receives requests from the Bluecoats and the Bluecoat IP address appears in the logs. I'm guessing your pfSense boxes sit in front of your Squid server? By default, Squid has 'forwarded_for on' which means it will append the source IP (which to Squid is the IP of the pfSense box) to the X-Forwarded-For header. You need to change this option to 'forwarded_for transparent', and ensure that your pfSense box sets the X-Forwarded-For header. In your logformat you should also place "%{X-Forwarded-For}>h" so that the contents of the header are included in the log file. Hope that helps Gareth ----- Follow me on... My Blog Twitter LinkedIn Facebook -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Enabling-x-forward-address-in-logs-tp4489509p4489658.html Sent from the Squid - Users mailing list archive at Nabble.com.