我正在使用Squid 3.1.10(CentOS 6.4的最新版本)作为托管虚拟域的网络服务器的反向代理。无论我尝试什么,我都无法让 Squid 将客户端 IP 传递给网络服务器。我尝试将forwarded_for和 XFF 标头设置为不同的值,但我一直在 apache 的访问日志中看到 Squid 的 ip......即使我forwarded_for设置为"删除"。
有人介意查看我的配置吗?
http_port 80 accel vhost
visible_hostname xxx.xxx.xxx
forwarded_for on
shutdown_lifetime 5 seconds
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl localnet src xxx.xxx.xxx.0/24 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
http_access allow localhost manager
http_access deny manager
acl Safe_ports port 80 443
http_access deny !Safe_ports
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto
################# BEGIN MAIN SERVER ########################
cache_peer xxx.xxx.xxx.xxx parent 80 0 no-query originserver name=mainwebserver
acl mainwebserver_cached_sites dstdomain .site1.com .site2.com
http_access allow mainwebserver_cached_sites
cache_peer_access mainwebserver allow mainwebserver_cached_sites
cache_peer_access mainwebserver deny all
################### END MAIN SERVER ########################
hierarchy_stoplist cgi-bin ?
#cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
http_access deny all
正在转发 ip,它是 apache 上没有将其用于日志记录目的。简单地为 apache 安装 mod_rpaf 就可以了。