Re: [patch] Re: [squid-users] X-Forwarded-For and cache_peer_access -- Fixed!

On 10/08/2013 3:42 a.m., Michael Graham wrote:
Hi all,

I've had a look at this issue and I believe I have found the problem.
Just to recap I have:

follow_x_forwarded_for allow localhost
acl forwardTrafficSubnet1 src 172.21.120.0/24
cache_peer 172.21.120.24 parent 8881 0 proxy-only no-query
cache_peer_access 172.21.120.24 deny forwardTrafficSubnet1
never_direct deny forwardTrafficSubnet1
cache_peer_access 172.21.120.24 allow all
never_direct allow all

In the squid.conf but all traffic forwarded for 172.21.120.0/24
addresses gets sent to the upstream proxy.

I found that this patch resolves the issue:

=== modified file 'src/neighbors.cc'
--- src/neighbors.cc	2013-06-07 04:35:25 +0000
+++ src/neighbors.cc	2013-08-09 15:25:57 +0000
@@ -204,7 +204,11 @@
          return do_ping;
ACLFilledChecklist checklist(p->access, request, NULL);
+#ifdef FOLLOW_X_FORWARDED_FOR
+    checklist.src_addr = request->indirect_client_addr;
+#else
      checklist.src_addr = request->client_addr;
+#endif
      checklist.my_addr = request->my_addr;
return (checklist.fastCheck() == ACCESS_ALLOWED);
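
Review bot: At `checklist.src_addr = request->indirect_client_addr;` the switch to the header-derived address is decided only at compile time, so any build with FOLLOW_X_FORWARDED_FOR defined will evaluate cache_peer_access against the X-Forwarded-For result with no way to turn that off at runtime. Suggest keeping `request->client_addr` as the default and taking the indirect address only behind a runtime configuration check inside the compile-time guard. Also note `#ifdef` is true for a macro defined as 0; if the build system defines the macro either way, `#if FOLLOW_X_FORWARDED_FOR` is the safer test.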

Cheers,

Er. What Squid version are you using?

The checklist() constructor pulls those details out of the request object itself in the current Squid versions.

And the correct patch is to add:

#if FOLLOW_X_FORWARDED_FOR
        if (Config.onoff.acl_uses_indirect_client)
            src_addr = request->indirect_client_addr;
        else
#endif /* FOLLOW_X_FORWARDED_FOR */
            src_addr = request->client_addr;

Amos
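
The following is an added example, not code from this thread or from Squid: a small Python model of the documented follow_x_forwarded_for backtracking and of the acl_uses_indirect_client switch, applied to the configuration quoted above. The function names are hypothetical, the `localhost` ACL is assumed to be 127.0.0.1/32, and the sample requests are constructed.

```python
import ipaddress

# Constructed model of the squid.conf quoted in the thread; nothing is read from disk.
# Assumption: the "localhost" ACL is 127.0.0.1/32.
TRUSTED_FOR_XFF = [ipaddress.ip_network("127.0.0.1/32")]           # follow_x_forwarded_for allow localhost
FORWARD_TRAFFIC_SUBNET1 = ipaddress.ip_network("172.21.120.0/24")  # acl forwardTrafficSubnet1 src


def indirect_client_addr(client_addr, xff_header):
    """Walk X-Forwarded-For right to left while the current hop is trusted to set it."""
    addr = ipaddress.ip_address(client_addr)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    while hops and any(addr in net for net in TRUSTED_FOR_XFF):
        try:
            addr = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # model choice: stop at an unparsable entry, keep the last good address
    return addr


def peer_allowed(client_addr, xff_header, acl_uses_indirect_client=True):
    """cache_peer_access as configured: deny forwardTrafficSubnet1, then allow all."""
    if acl_uses_indirect_client:
        src = indirect_client_addr(client_addr, xff_header)
    else:
        src = ipaddress.ip_address(client_addr)
    return src not in FORWARD_TRAFFIC_SUBNET1


if __name__ == "__main__":
    # Constructed requests: (direct TCP peer, X-Forwarded-For header value)
    samples = [
        ("127.0.0.1", "172.21.120.50"),             # local front end relaying a subnet client
        ("127.0.0.1", "192.0.2.7, 172.21.120.50"),  # only the hop added by localhost is believed
        ("10.0.0.5", "172.21.120.50"),              # untrusted sender: header is ignored
    ]
    for client, xff in samples:
        for flag in (True, False):
            print(client, repr(xff), "acl_uses_indirect_client =", flag,
                  "-> peer allowed:", peer_allowed(client, xff, flag))
```

The third sample shows why the follow_x_forwarded_for ACL should list only the proxies that actually set the header: a sender outside that list keeps its direct address for ACL purposes regardless of what the header claims.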



