On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote:
This will allow XFF header from the LB requests to squid. How to block the original users in squid with the XFF information? I mean the ACL configuration please...
Exactly as you would if the clients had connected to Squid directly. Using the "src" ACL type.
I'm not sure what your confusion is. Have you added the follow_x_forwarded_for rules yet and seen what they do?
This is the purpose of XFF header and the follow_x_forwarded_for directive. This config: acl LB src<your LB IP address> follow_x_forwarded_for allow LB follow_x_forwarded_for deny all With the LB setting the XFF header correctly the above will make Squid see and use the IP of clients on other side of the LB. Amos
