]> git.ipfire.org Git - thirdparty/squid.git/blobdiff - src/forward.cc
projects / thirdparty / squid.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add spoof_client_ip access control
[thirdparty/squid.git] / src / forward.cc
diff --git a/src/forward.cc b/src/forward.cc
index d872d347c413aaefc6ea78c4b14936d3c19fe251..8ada85e5c0b8685e4f72946432ac61e4ea17f28b 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -151,7 +151,7 @@ void FwdState::start(Pointer aSelf)
     // Bug 3243: CVE 2009-0801
     // Bypass of browser same-origin access control in intercepted communication
     // To resolve this we must force DIRECT and only to the original client destination.
-    const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.spoofClientIp);
+    const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.interceptTproxy);
     const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified);
     if (isIntercepted && useOriginalDst) {
         selectPeerForIntercepted();
Mirror of https://github.com/squid-cache/squid.git