Thanks Amos. Actually My loadBalancer will send the XFF with source information. So i will use XFF as the source to block the users intead of IP. Is this possible? -Sekar On Mon, Apr 2, 2012 at 1:03 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote: >> >> Hello All, >> >> Can create an ACL based on XFF? > > > Yes. > > Now what do you mean by "based on"? > > >> Since the squid placed after the loadbancer, it will send the XFF and >> LB ip as source ip for all the request. So I want to put ACL based on >> XFF. >> >> Is this possible? > > > This is the purpose of XFF header and the follow_x_forwarded_for directive. > > This config: > acl LB src <your LB IP address> > follow_x_forwarded_for allow LB > follow_x_forwarded_for deny all > > With the LB setting the XFF header correctly the above will make Squid see > and use the IP of clients on other side of the LB. > > Amos
