[squid-users] Don't understand the usage of acl_uses_indirect_client

From: jesses408 <jesses5_at_gmail.com>
Date: Wed, 3 Apr 2013 17:16:15 -0700 (PDT)

I have an environment setup like this-

Client - HAProxy - SquidProxy - WebServer

Client is using HAProxy as the forward proxy server, and trying to access a
website on WebServer. Since SquidProxy is seeing the client IP address of
HAProxy (and not Client), I've configured HAProxy to insert the
X-Forwarded-For header where the value of X-Forwarded-For = Client's IP

In squid.conf, I have an ACL that allows Client's IP address, and also have
acl_uses_indirect_client enabled (which is the default). However when Client
tries to get the website on WebServer, squid denies it with access denied.

I enabled debugging and I see no reference to Client's IP, only HAProxy's
IP. From reading the documentation, the expectation is that if Squid sees
X-Forwarded-For, it should replace the client IP with the IP seen in
X-Forwarded-For, but the debug log says this is not the case.

Am I misreading the purpose of acl_uses_indirect_client or is this a bug in
squid that it doesn't correctly handle X-Forwarded-For in ACL?

View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Don-t-understand-the-usage-of-acl-uses-indirect-client-tp4659354.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu Apr 04 2013 - 00:16:18 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 04 2013 - 12:00:04 MDT