On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
Hello All,
Can create an ACL based on XFF?
Yes.
Now what do you mean by "based on"?
Since the squid placed after the loadbancer, it will send the XFF and
LB ip as source ip for all the request. So I want to put ACL based on
XFF.
Is this possible?
This is the purpose of XFF header and the follow_x_forwarded_for directive.
This config:
acl LB src <your LB IP address>
follow_x_forwarded_for allow LB
follow_x_forwarded_for deny all
With the LB setting the XFF header correctly the above will make Squid
see and use the IP of clients on other side of the LB.
Amos
