X-forward squid reverse Proxy
-
Hi,
i have pfsense with multiple Server behind it. (nginx)
My wish is to have the Original IP in the logs for piwik. I think you have to activate the ### add mod_extforward #### "mod_extforward" in the reverse proxy lighthttp (found in /etc/inc/system.inc).
The description i think is here http://www.cyberciti.biz/faq/nginx-extract-the-clients-real-ip-from-x-forwarded-for-header/ but i do not know how to acitivate it in pfsense.
How can i enable this Module and is there a chance to activate other modules and options (like gzip) ?
Maybe there is another solution for my problem?
Thanks and best regards
celtar
-
Something that worked for me is
Basically you have to set it on and then exclude sending the inner IPs out:
Enter something like this under Squid3: Proxy Server/General Settings Tab/Custom ACLS (Before Auth)
#header_replace X-Forwarded-For
forwarded_for onacl mxln src 10.0.0.0/24 # RFC1918 possible internal network
acl mxlno src 10.0.1.0/24 # RFC1918 possible internal network
acl mxlnr src 10.0.2.0/24 # RFC1918 possible internal networkreply_header_access X-Cache-Lookup deny !mxln
reply_header_access X-Cache-Lookup deny !mxlno
reply_header_access X-Cache-Lookup deny !mxlnr
reply_header_access X-Squid-Error deny !mxln
reply_header_access X-Squid-Error deny !mxlno
reply_header_access X-Squid-Error deny !mxlnr
reply_header_access X-Cache deny !mxln
reply_header_access X-Cache deny !mxlno
reply_header_access X-Cache deny !mxlnr
reply_header_access Via deny !mxln
reply_header_access Via deny !mxlno
reply_header_access Via deny !mxlnr