>> Is it possible to apply 'forwarded_for' directive on acl, like: >> acl somewhere_someone dst ip-address/netmask >> forwarded_for allow somewhere_someone >> M> We can do this with "tcp_outgoing_aaddress TAG"
Unfortunately tcp_outgoing_address TAG does not approach He serves absolutely for other purposes. It is necessary, that (for predefined destination addresses only), HTTP protocol was substituted with kludge of the source address, that does forwarded_for... For example: user (10.0.0.1) -> GW -> target_service (100.200.0.1 : 80) comes as GW, but X_HTTP_FORWARDED_FOR = 10.0.0.1 user (10.10.0.1) -> GW -> other_service (200.100.0.1 : 80) comes as GW and X_HTTP_FORWARDED_FOR = unknown where GW - means gateway where squid is installed -- Dmitry Shukaylo mailto:[EMAIL PROTECTED]
