[squid-users] Using and trusting remote client IP address via upstream proxy
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Jan 9 09:00:37 UTC 2025
On 08.01.25 16:33, Orion Poplawski wrote:
>We use e2guardian and squid in a combined method were requests can either go
>to e2guardian first and get forwarded to squid, or go directly to squid.
>
>I would like to be able to have squid allow connections for certain remote
>client IPs without requiring authentication. However, the connections that
>come in through e2guardian appear to squid as coming from localhost. Is there
>a way that e2guardian could pass the IP address of the client on to squid?
if e2guardian provides x-forwarded-for header, squid can use it:
http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
note that you should this header should be only trusted when you trust the
client, localhost should be fine
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
More information about the squid-users
mailing list