Michael Portz wrote:
My scenario is the following:
The original accesses from our LAN hit on the first-level squid.
Doing some basic load-balancing the requests are forwarded to several
parent-squids. Each of these contact various ICAP-servers for
modifications of the request.
The problem: several decisions of the ICAP-server should be based on
the original clients IP-address. Alas, given the scenario above, it
only can be based on the outgoing IP address of the first-level
proxy. The configuration option follow_x_forwarded_for does right the
thing, but "only" access_control, delay pools and logging are
explicitly stated as applications. Does it work for icap, too? Or is
something like this in the development queue?
The all-over squid version is 3.0.STABLE21.
Regards Michael
Strange. 3.0 does not even have a follow_x_forwarded_for option. That
was added to Squid-3.1.
The one in 3.1 has several known problems such as the ICAP lack you
cite. http://bugs.squid-cache.org/show_bug.cgi?id=2731
I'm hoping to fix XFF by next release. Certainly before it goes stable.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
