I have an environment setup like this-
Client - HAProxy - SquidProxy - WebServer
Client is using HAProxy as the forward proxy server, and trying to access a
website on WebServer. Since SquidProxy is seeing the client IP address of
HAProxy (and not Client), I've configured HAProxy to insert the
X-Forwarded-For header where the value of X-Forwarded-For = Client's IP
address.
In squid.conf, I have an ACL that allows Client's IP address, and also have
acl_uses_indirect_client enabled (which is the default). However when Client
tries to get the website on WebServer, squid denies it with access denied.
I enabled debugging and I see no reference to Client's IP, only HAProxy's
IP. From reading the documentation, the expectation is that if Squid sees
X-Forwarded-For, it should replace the client IP with the IP seen in
X-Forwarded-For, but the debug log says this is not the case.
Am I misreading the purpose of acl_uses_indirect_client or is this a bug in
squid that it doesn't correctly handle X-Forwarded-For in ACL?
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Don-t-understand-the-usage-of-acl-uses-indirect-client-tp4659354.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Thu Apr 04 2013 - 00:16:18 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 04 2013 - 12:00:04 MDT