[squid-users] cache_peer sourcehash and X-Forwarded-For

Amos Jeffries squid3 at treenet.co.nz
Thu Mar 31 13:17:59 UTC 2016


On 1/04/2016 1:33 a.m., Chandan Kumar wrote:
> Hello,
> I am using Squid 2.7 and have the question below:

Please upgrade. 2.7 was end-of-life'd 5 years ago. A lot has changed in
the Internet since then.

> while selecting cache_peer using sourcehash, can Squid use the
> X-Forwarded-For address?

No. sourcehash is based on the real TCP connection details, not on
easily forged header content.

> my requests are coming from front-end load-balanced Apache servers
> and for selecting cache_peer, requests are going only to one peer
> because it's taking the IP of my "front end loadbalanced apache" instead
> of the actual client IP, which is in X-Forwarded-For.

Actually the "Actual" client *is* the LB. The indirect client IP is what
_might_ be found somewhere in the XFF header path sequence.


The load balancing algorithms are designed for use when Squid is the LB.
Not really when some other software is doing the LB in front of it.
sourcehash hits the limits implied by that pretty hard. Any one of the
other algorithms is more appropriate for your setup.

I suggest carp or round-robin if you just want to spread the messages
around some peers.

Amos
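
Added example (not part of the original post, and not Squid's code): a small Python model of the behaviour discussed in this thread, showing why hashing on the TCP source address sends everything to one peer when a balancer sits in front, while hashing on the URL spreads the load. The hash functions are simplified stand-ins for sourcehash and carp, and the peer names, addresses and URLs are constructed.

```python
import hashlib
from collections import Counter

PEERS = ["peer-a", "peer-b", "peer-c", "peer-d"]  # constructed peer names

def _h(text):
    """Stable 64-bit integer hash of a string."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")

def pick_by_source(tcp_source_ip, peers=PEERS):
    """Stand-in for sourcehash: the key is the TCP peer address only."""
    return peers[_h(tcp_source_ip) % len(peers)]

def pick_by_url(url, peers=PEERS):
    """Stand-in for carp: rendezvous hash over (peer, URL); highest score wins."""
    return max(peers, key=lambda p: _h(p + "|" + url))

def simulate(requests):
    """requests: iterable of (tcp_source_ip, xff_client_ip, url) tuples."""
    by_source, by_url = Counter(), Counter()
    for tcp_ip, _xff, url in requests:
        # The X-Forwarded-For value is deliberately ignored: it is
        # client-supplied header content, not a connection property.
        by_source[pick_by_source(tcp_ip)] += 1
        by_url[pick_by_url(url)] += 1
    return by_source, by_url

def sample_requests(n=400, lb_ip="10.0.0.5"):
    """Constructed traffic: many end clients, all relayed by one balancer."""
    return [(lb_ip, f"198.51.100.{i % 250 + 1}", f"http://example.com/obj/{i}")
            for i in range(n)]

if __name__ == "__main__":
    src, url = simulate(sample_requests())
    print("source-address hashing:", dict(src))
    print("URL hashing:           ", dict(url))
```

With one balancer address in front, the source-address counter has a single key regardless of how many distinct X-Forwarded-For values the requests carry.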


