Thanks Amos. Actually My loadBalancer will send the XFF with source
information. So i will use XFF as the source to block the users intead
of IP.
Is this possible?
-Sekar
On Mon, Apr 2, 2012 at 1:03 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
>>
>> Hello All,
>>
>> Can create an ACL based on XFF?
>
>
> Yes.
>
> Now what do you mean by "based on"?
>
>
>> Since the squid placed after the loadbancer, it will send the XFF and
>> LB ip as source ip for all the request. So I want to put ACL based on
>> XFF.
>>
>> Is this possible?
>
>
> This is the purpose of XFF header and the follow_x_forwarded_for directive.
>
> This config:
> acl LB src <your LB IP address>
> follow_x_forwarded_for allow LB
> follow_x_forwarded_for deny all
>
> With the LB setting the XFF header correctly the above will make Squid see
> and use the IP of clients on other side of the LB.
>
> Amos
Received on Mon Apr 02 2012 - 08:24:09 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 02 2012 - 12:00:02 MDT