On 2/04/2012 8:24 p.m., Sekar Duraisamy wrote:
Thanks Amos. Actually My loadBalancer will send the XFF with source
information. So i will use XFF as the source to block the users intead
of IP.
Is this possible?
Try using the config lines I gave.
Amos
-Sekar
On Mon, Apr 2, 2012 at 1:03 PM, Amos Jeffries wrote:
On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
Hello All,
Can create an ACL based on XFF?
Yes.
Now what do you mean by "based on"?
Since the squid placed after the loadbancer, it will send the XFF and
LB ip as source ip for all the request. So I want to put ACL based on
XFF.
Is this possible?
This is the purpose of XFF header and the follow_x_forwarded_for directive.
This config:
acl LB src<your LB IP address>
follow_x_forwarded_for allow LB
follow_x_forwarded_for deny all
With the LB setting the XFF header correctly the above will make Squid see
and use the IP of clients on other side of the LB.
Amos
