Skip to content

Instantly share code, notes, and snippets.

@alvarow

alvarow/squid-xff-log.conf

Created February 9, 2017 21:49
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save alvarow/fa409edc70aeb4cf89bbc83c1c78f392 to your computer and use it in GitHub Desktop.
Save alvarow/fa409edc70aeb4cf89bbc83c1c78f392 to your computer and use it in GitHub Desktop.
Download ZIP
Sets Squid Proxy to log IP address from X-Forwarded-For header instead of the real client ip address if the X-Forwarded-For header exists.
Raw
squid-xff-log.conf
# Has XFF header with a value
acl has-xff req_header X-Forwarded-For ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\]))
# default logformat
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
# default logformat using XFF instead of client IP address
logformat squid-xff %ts.%03tu %6tr %{X-Forwarded-For}>h %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
# If no XFF header, use default format
access_log stdio:/var/log/squid/access.log squid !has-xff
# If XFF use XFF format
access_log stdio:/var/log/squid/access.log squid-xff has-xff
@alvarow
Copy link
Author

alvarow commented Feb 10, 2017

This is smarter, but requires Squid v3.5+:

http_port 3128 require-proxy-header
acl localnet src 10.0.0.0/8
proxy_protocol_access allow localnet
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment