[squid-users] squid 5.1: external_acl_type: Get public remote address
David Touzeau
david at articatech.com
Thu Sep 16 10:09:38 UTC 2021
Hi comunity, Squid fans
I would like to use an external acl process for Geoip processing
i have tried to setup squid to send the remote peer address using %<a
code but it always reply with a "-"
external_acl_type MyGeopip ttl=3600 negative_ttl=3600 children-startup=2
children-idle=2 children-max=20 concurrency=1 ipv4 %un %SRC %SRCEUI48
%>ha{X-Forwarded-For} %DST %ssl::>sni %USER_CERT_CN %note %<a
/lib/squid3/squid-geoip
acl MyGeopip_acl external MyGeopip
http_access deny !MyGeopip_acl
I was thinking that Squid call the helper before resolving the remote route.
So to force it, i have added a "fake" acl to force Squid to calculate
the remote address.
acl fake_dst dst 127.0.0.2
http_access deny !fake_dst !MyGeopip_acl
But it failed too, the external_acl still receive the "-" instead of the
remote public IP address of the server
Where is the mistake ?
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210916/b2bc9000/attachment-0001.htm>
More information about the squid-users
mailing list