int send_client_username;
int service_failure_limit;
int service_revival_delay;
+ int icap_uses_indirect_client;
Vector<ServiceConfig*> serviceConfigs;
}
if (TheConfig.send_client_ip && request)
- if (!request->client_addr.IsAnyAddr() && !request->client_addr.IsNoAddr())
- buf.Printf("X-Client-IP: %s\r\n", request->client_addr.NtoA(ntoabuf,MAX_IPSTRLEN));
+ {
+ IpAddress client_addr;
+#if FOLLOW_X_FORWARDED_FOR
+ if (TheConfig.icap_uses_indirect_client) {
+ client_addr = request->indirect_client_addr;
+ } else
+#endif
+ client_addr = request->client_addr;
+ if(!client_addr.IsAnyAddr() && !client_addr.IsNoAddr())
+ buf.Printf("X-Client-IP: %s\r\n", client_addr.NtoA(ntoabuf,MAX_IPSTRLEN));
+ }
if (TheConfig.send_client_username && request)
makeUsernameHeader(request, buf);
The end result of this process is an IP address that we will
refer to as the indirect client address. This address may
- be treated as the client address for access control, delay
+ be treated as the client address for access control, ICAP, delay
pools and logging, depending on the acl_uses_indirect_client,
- delay_pool_uses_indirect_client and log_uses_indirect_client
- options.
+ icap_uses_indirect_client, delay_pool_uses_indirect_client and
+ log_uses_indirect_client options.
This clause only supports fast acl types.
See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
broken_posts allow buggy_server
DOC_END
+NAME: icap_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Adaptation::Icap::TheConfig.icap_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) instead of the
+ direct client address is passed to an ICAP
+ server as "X-Client-IP".
+DOC_END
+
NAME: via
IFDEF: HTTP_VIOLATIONS
COMMENT: on|off
projects / thirdparty / squid.git / commitdiff
