[squid-users] Explicitly use direct client IP in acl
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 10 00:50:11 UTC 2020
On 10/07/20 9:54 am, Orion Poplawski wrote:
> Hello -
>
> We're using a setup like this:
>
> client -> e2guardian -> squid -> internet
>
> e2guardian is providing filtering and SSL inspection. Currently we only
> allow access to e2guardian from our internal network. Currently we
> enforce that access to squid comes from localhost, except for some
> specific sites which do not work with SSL inspection.
>
> Then we allow:
>
> client -> squid -> internet
>
> this is based on the (non-forwarded) client IP.
>
> We would like to open up access to e2g from the internet but require
> authentication in that case.

Okay.

> This would require the use of forwarded
> IPs so the squid could distinguish between them (e2g does not do auth
> directly - it lets squid handle that). But then this breaks our config
> above because we no longer can distinguish between connections from e2g
> and direct ones.

How do you come to that conclusion?

What is your Squid version?

What are your current squid.conf contents?

Amos