Re: [squid-users] X_FORWARDED_FOR, squid and apache cheating

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 24 May 2008 01:27:39 +1200

howard chen wrote:
> Hi,
>
> This is my current setup in using squid3 as reverse proxy:
>
> browser (e.g. 202.182.201.3) <----> squid3 stable6 <----> apache 1.3.37 (PHP)
>
> My PHP will get the user IP by HTTP_X_FORWARDED_FOR ENV variable.
> (setting squid.conf: forwarded_for on)
>
> There are 2 cases:
>
> 1. Normal case, my program can get the real IP of "202.182.201.3"
> 2. Cheating case, if the user sends a request that already contains a header of
> "X_FORWARDED_FOR",
> my program will be cheated by the client and the IP can be any
> specified by the client.
>
>
> Now, my idea is to block the request header, e.g.
>
> request_header_access X_FORWARDED_FOR deny all
>
> But it ends up with: parse_http_header_access: unknown header name
> 'X_FORWARDED_FOR'
>
>
> So any idea for my case?

request_header_access X-Forwarded-For deny all

Note mixed-case HTTP name, not the PHP internal variable name.

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Fri May 23 2008 - 13:27:43 MDT
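
An added example, not part of the original thread: an application-side check for the two cases described above, written in Python against the CGI variable names (REMOTE_ADDR, HTTP_X_FORWARDED_FOR) that PHP also exposes. It assumes squid runs on 127.0.0.1 and, with forwarded_for on, appends the address it saw to any X-Forwarded-For list the client sent; the function name and sample requests are constructed for illustration.

```python
import ipaddress

# Assumption: the address squid connects from, as seen by the web server.
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("127.0.0.1")})


def client_ip(environ, trusted=TRUSTED_PROXIES):
    """Pick the client address from CGI-style variables, ignoring any
    X-Forwarded-For entries that were supplied by the client itself."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if peer not in trusted:
        # Request did not arrive via our proxy: the header is client-controlled.
        return str(peer)
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    # Read right to left: the rightmost entry is the one our proxy appended.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # "unknown", empty or garbage: stop rather than guess
        if addr not in trusted:
            return str(addr)
    return str(peer)


# Constructed requests: the two cases from the thread, plus a proxy bypass.
SAMPLES = {
    "normal": {"REMOTE_ADDR": "127.0.0.1",
               "HTTP_X_FORWARDED_FOR": "202.182.201.3"},
    "cheating": {"REMOTE_ADDR": "127.0.0.1",
                 "HTTP_X_FORWARDED_FOR": "10.9.8.7, 202.182.201.3"},
    "bypass": {"REMOTE_ADDR": "198.51.100.7",
               "HTTP_X_FORWARDED_FOR": "10.9.8.7"},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, client_ip(env))
```

Taking the first entry of the list, or the whole header value, would return the client-chosen 10.9.8.7 in the cheating case.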