I have an environment setup like this- Client - HAProxy - SquidProxy - WebServer Client is using HAProxy as the forward proxy server, and trying to access a website on WebServer. Since SquidProxy is seeing the client IP address of HAProxy (and not Client), I've configured HAProxy to insert the X-Forwarded-For header where the value of X-Forwarded-For = Client's IP address. In squid.conf, I have an ACL that allows Client's IP address, and also have acl_uses_indirect_client enabled (which is the default). However when Client tries to get the website on WebServer, squid denies it with access denied. I enabled debugging and I see no reference to Client's IP, only HAProxy's IP. From reading the documentation, the expectation is that if Squid sees X-Forwarded-For, it should replace the client IP with the IP seen in X-Forwarded-For, but the debug log says this is not the case. Am I misreading the purpose of acl_uses_indirect_client or is this a bug in squid that it doesn't correctly handle X-Forwarded-For in ACL? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Don-t-understand-the-usage-of-acl-uses-indirect-client-tp4659354.html Sent from the Squid - Users mailing list archive at Nabble.com.
