... to control whether TPROXY requests have their source IP address
spoofed by Squid. The ACL defaults to allow (i.e. the current
behaviour), but using an ACL that results in a deny result will
disable spoofing for that request.
Example config to disable spoofing for all requests:
spoof_client_ip deny all
Also, polish the TPROXY related flags:
1. The flags.spoofClientIp flag was a general "this is a TPROXY
request" flag, which was a bit confusing given the name of the
flag. So the flags.spoofClientIp flag now only indicates
whether we want to spoof the source IP or not.
2. The flags.interceptTproxy is added to flag whether the request
was received on a "tproxy" port or not.