Hi all,
I've had a look at this issue and I believe I have found the problem.
Just to recap I have:
follow_x_forwarded_for allow localhost
acl forwardTrafficSubnet1 src 172.21.120.0/24
cache_peer 172.21.120.24 parent 8881 0 proxy-only no-query
cache_peer_access 172.21.120.24 deny forwardTrafficSubnet1
never_direct deny forwardTrafficSubnet1
cache_peer_access 172.21.120.24 allow all
never_direct allow all
In the squid.conf but all traffic forwarded for 172.21.120.0/24
addresses get sent to the upstream proxy.
I found that this patch resolves the issue:
=== modified file 'src/neighbors.cc'
--- src/neighbors.cc 2013-06-07 04:35:25 +0000
+++ src/neighbors.cc 2013-08-09 15:25:57 +0000
@@ -204,7 +204,11 @@
return do_ping;
ACLFilledChecklist checklist(p->access, request, NULL);
+#ifdef FOLLOW_X_FORWARDED_FOR
+ checklist.src_addr = request->indirect_client_addr;
+#else
checklist.src_addr = request->client_addr;
+#endif
checklist.my_addr = request->my_addr;
return (checklist.fastCheck() == ACCESS_ALLOWED);
Cheers,
-- Michael Graham <mgraham_at_bloxx.com>Received on Fri Aug 09 2013 - 15:42:53 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 10 2013 - 12:00:08 MDT