[squid-users] Using and trusting remote client IP address via upstream proxy
Stephen Borrill
squid at borrill.org.uk
Thu Jan 9 09:03:18 UTC 2025
On 08/01/2025 23:33, Orion Poplawski wrote:
> We use e2guardian and squid in a combined method were requests can either go
> to e2guardian first and get forwarded to squid, or go directly to squid.
>
> I would like to be able to have squid allow connections for certain remote
> client IPs without requiring authentication. However, the connections that
> come in through e2guardian appear to squid as coming from localhost. Is there
> a way that e2guardian could pass the IP address of the client on to squid?
You don't say how you select between e2guardian and direct to squid.
You could use e2guardian in ICAP mode, so that all clients go to squid
first and then use acls to choose which requests go via e2guardian.
You could also try adding forwardedfor = yes in e2guardian.conf along
with follow_x_forwarded_for in your squid configuration.
--
Stephen
More information about the squid-users
mailing list