On 10/01/25 10:33, Orion Poplawski wrote:
On 1/9/25 02:03, Stephen Borrill wrote:
On 08/01/2025 23:33, Orion Poplawski wrote:
You could also try adding forwardedfor = yes in e2guardian.conf along with
follow_x_forwarded_for in your squid configuration.
I set that in e2guardian.conf and in squid.conf I ended up with:
# Trust X-Forwarded-For from local e2g connections
follow_x_forwarded_for allow localhost
This is fine, assuming that e2guardian is connecting to Squid *from*
localhost IP.
follow_x_forwarded_for allow localnet
This you should not do. It will allow any client on your LAN to make
Squid log any fake IP they want.
If e2guardian is contacting Squid *from* a LAN IP address you should
create an ACL containing only that IP for the XFF allow action.
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
