git.ipfire.org Git - thirdparty/squid.git/commit

author	Steve Hill <steve@opendium.com>
	Mon, 13 May 2013 03:57:03 +0000 (21:57 -0600)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 13 May 2013 03:57:03 +0000 (21:57 -0600)
commit	0d901ef43d218267e44c578fa2f67634de00663c
tree	a7a9090cfec3b493b5afce17ae03a176e2652030	tree \| snapshot
parent	691f66c0713464ce29d5c41234f36b6a4092e9f7	commit \| diff

Add spoof_client_ip access control

... to control whether TPROXY requests have their source IP address
spoofed by Squid.  The ACL defaults to allow (i.e. the current
behaviour), but using an ACL that results in a deny result will
disable spoofing for that request.

Example config to disable spoofing for all requests:
    spoof_client_ip deny all

Also, polish the TPROXY related flags:

1. The flags.spoofClientIp flag was a general "this is a TPROXY
   request" flag, which was a bit confusing given the name of the
   flag.  So the flags.spoofClientIp flag now only indicates
   whether we want to spoof the source IP or not.

2. The flags.interceptTproxy is added to flag whether the request
   was received on a "tproxy" port or not.

src/HttpRequest.cc		diff \| blob \| blame \| history
src/RequestFlags.h		diff \| blob \| blame \| history
src/SquidConfig.h		diff \| blob \| blame \| history
src/acl/DestinationIp.cc		diff \| blob \| blame \| history
src/auth/Acl.cc		diff \| blob \| blame \| history
src/cache_cf.cc		diff \| blob \| blame \| history
src/cf.data.pre		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side_request.cc		diff \| blob \| blame \| history
src/format/Format.cc		diff \| blob \| blame \| history
src/forward.cc		diff \| blob \| blame \| history
src/peer_select.cc		diff \| blob \| blame \| history
src/tunnel.cc		diff \| blob \| blame \| history