Hi all, I've had a look at this issue and I believe I have found the problem. Just to recap I have: follow_x_forwarded_for allow localhost acl forwardTrafficSubnet1 src 172.21.120.0/24 cache_peer 172.21.120.24 parent 8881 0 proxy-only no-query cache_peer_access 172.21.120.24 deny forwardTrafficSubnet1 never_direct deny forwardTrafficSubnet1 cache_peer_access 172.21.120.24 allow all never_direct allow all In the squid.conf but all traffic forwarded for 172.21.120.0/24 addresses get sent to the upstream proxy. I found that this patch resolves the issue: === modified file 'src/neighbors.cc' --- src/neighbors.cc 2013-06-07 04:35:25 +0000 +++ src/neighbors.cc 2013-08-09 15:25:57 +0000 @@ -204,7 +204,11 @@ return do_ping; ACLFilledChecklist checklist(p->access, request, NULL); +#ifdef FOLLOW_X_FORWARDED_FOR + checklist.src_addr = request->indirect_client_addr; +#else checklist.src_addr = request->client_addr; +#endif checklist.my_addr = request->my_addr; return (checklist.fastCheck() == ACCESS_ALLOWED); Cheers, -- Michael Graham <mgraham@xxxxxxxxx>