2010.10.27 15:30

Remove X-Forwarded-For header in Squid

Changes in 3.1 forwarded_for
New setting options. transparent, truncate, delete.

        If set to "transparent", Squid will not alter the
        X-Forwarded-For header in any way.

        If set to "delete", Squid will delete the entire
        X-Forwarded-For header.

        If set to "truncate", Squid will remove all existing
        X-Forwarded-For entries, and place itself as the sole entry.
        
Changes in 2.7 forwarded_for
Has several new modes, allowing one to finetune how/if the requesting client IP should be forwarded in X-Forwarded-For

Configuration Details:
Option Name: forwarded_for
Replaces:
Requires:
Default Value: forwarded_for on
Suggested Config:

If set to "on", Squid will append your client's IP address
in the HTTP requests it forwards. By default it looks like:

X-Forwarded-For: 192.1.2.3

If set to "off", it will appear as

X-Forwarded-For: unknown

If set to "transparent", Squid will not alter the
X-Forwarded-For header in any way.

If set to "delete", Squid will delete the entire
X-Forwarded-For header.

If set to "truncate", Squid will remove all existing
X-Forwarded-For entries, and place itself as the sole entry.



Some months ago I was working with Squid 3.0 and managed to get rid of the X-Forwarded-For header completely. Now I am trying to do the same thing but I do not seem to hit the nail.

I have tried forwarded_for off but that does not remove the header, it just inserts unknown in place of the client IP.

I tried header_access X-Forwarded-For deny all but I receive an error about invalid directive. Looking in the function reference it seems that this directive is deprecated in 3.0.

I tried forwarded_for delete but this is only available from 3.1.

Trackback 0 Comment 0