Search squid archive

[patch] Re: [squid-users] X-Forwarded-For and cache_peer_access -- Fixed!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I've had a look at this issue and I believe I have found the problem.
Just to recap I have:

follow_x_forwarded_for allow localhost
acl forwardTrafficSubnet1 src 172.21.120.0/24
cache_peer 172.21.120.24 parent 8881 0 proxy-only no-query
cache_peer_access 172.21.120.24 deny forwardTrafficSubnet1
never_direct deny forwardTrafficSubnet1
cache_peer_access 172.21.120.24 allow all
never_direct allow all

In the squid.conf but all traffic forwarded for 172.21.120.0/24
addresses get sent to the upstream proxy.

I found that this patch resolves the issue:

=== modified file 'src/neighbors.cc'
--- src/neighbors.cc	2013-06-07 04:35:25 +0000
+++ src/neighbors.cc	2013-08-09 15:25:57 +0000
@@ -204,7 +204,11 @@
         return do_ping;
 
     ACLFilledChecklist checklist(p->access, request, NULL);
+#ifdef FOLLOW_X_FORWARDED_FOR
+    checklist.src_addr = request->indirect_client_addr;
+#else
     checklist.src_addr = request->client_addr;
+#endif
     checklist.my_addr = request->my_addr;
 
     return (checklist.fastCheck() == ACCESS_ALLOWED);

Cheers,
-- 
Michael Graham <mgraham@xxxxxxxxx>






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux