From 014c1fd18a094cd1dfcab2584c944de5682469d5 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 21 May 2007 19:30:31 +0000 Subject: Various fixes from Martin Fuchs: * There's an issue with squid: it only accepts one interface, wven when selected more than one. * A second issue ist hat squid forwards the internal ip which is nor wanted by everyone --- packages/squid/squid.inc | 8 +++++--- packages/squid/squid.xml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'packages/squid') diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc index 4fbe2c16..ecefe813 100644 --- a/packages/squid/squid.inc +++ b/packages/squid/squid.inc @@ -499,7 +499,7 @@ EOD; $conf .= "acl localnet src $src\n"; $valid_acls[] = 'localnet'; } - + if ($settings['disable_xforward']) $conf .= "forwarded_for off\n"; return $conf; } @@ -1024,17 +1024,19 @@ function squid_generate_rules($type) { switch($type) { case 'nat': - foreach ($ifaces as $iface) + foreach ($ifaces as $iface){ $rules .= "# Setup Squid proxy redirect\n"; $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n"; $rules .= "\n"; + }; break; case 'filter': - foreach ($ifaces as $iface) + foreach ($ifaces as $iface){ $rules .= "# Setup squid pass rules for proxy\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n"; $rules .= "\n"; + }; break; default: break; diff --git a/packages/squid/squid.xml b/packages/squid/squid.xml index 8b5845cc..ee5c4924 100644 --- a/packages/squid/squid.xml +++ b/packages/squid/squid.xml @@ -179,6 +179,12 @@ English select + + Disable X-Forward + disable_xforward + If not set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like this: X-Forwarded-For: 192.1.2.3. If you enable this, it will appear as X-Forwarded-For: unknown + checkbox + squid_resync(); -- cgit v1.2.3