On 10/08/2013 3:42 a.m., Michael Graham wrote:
> Hi all,
>
> I've had a look at this issue and I believe I have found the problem.
> Just to recap I have:
>
> follow_x_forwarded_for allow localhost
> acl forwardTrafficSubnet1 src 172.21.120.0/24
> cache_peer 172.21.120.24 parent 8881 0 proxy-only no-query
> cache_peer_access 172.21.120.24 deny forwardTrafficSubnet1
> never_direct deny forwardTrafficSubnet1
> cache_peer_access 172.21.120.24 allow all
> never_direct allow all
>
> In the squid.conf but all traffic forwarded for 172.21.120.0/24
> addresses get sent to the upstream proxy.
>
> I found that this patch resolves the issue:
>
> === modified file 'src/neighbors.cc'
> --- src/neighbors.cc 2013-06-07 04:35:25 +0000
> +++ src/neighbors.cc 2013-08-09 15:25:57 +0000
> @@ -204,7 +204,11 @@
> return do_ping;
>
> ACLFilledChecklist checklist(p->access, request, NULL);
> +#ifdef FOLLOW_X_FORWARDED_FOR
> + checklist.src_addr = request->indirect_client_addr;
> +#else
> checklist.src_addr = request->client_addr;
> +#endif
> checklist.my_addr = request->my_addr;
>
> return (checklist.fastCheck() == ACCESS_ALLOWED);
>
> Cheers,
Er. What Squid version are you using?
The checklist() constructor pulls those details out of the request
object itself in the current Squid versions.
And the correct patch is to add:
#if FOLLOW_X_FORWARDED_FOR
if (Config.onoff.acl_uses_indirect_client)
src_addr = request->indirect_client_addr;
else
#endif /* FOLLOW_X_FORWARDED_FOR */
src_addr = request->client_addr;
Amos
Received on Sat Aug 10 2013 - 02:28:05 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 24 2013 - 12:00:07 MDT