howard chen wrote:
Hi,
This is my current setup in using squid3 as reverse proxy:
browser (e.g. 202.182.201.3) <----> squid3 stable6 <----> apache 1.3.37 (PHP)
My PHP will get the user IP by HTTP_X_FORWARDED_FOR ENV variable.
(setting squid.conf: forwarded_for on)
There are 2 cases:
1. Normal case, my program can get the real IP of "202.182.201.3"
2. Cheating case, if user send a request already contains header of
"X_FORWARDED_FOR",
my program will be cheated by the client and the IP can be any
specified by client.
Now, my idea is to block the request header, e.g.
request_header_access X_FORWARDED_FOR deny all
But it end up with: parse_http_header_access: unknown header name
'X_FORWARDED_FOR'
So any idea for my case?
request_header_access X-Forwarded-For deny all
Note mixed-case HTTP name, not the PHP internal variable name.
Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
