I am using Squid 3.1.10 (latest version for CentOS 6.4) as a reverse proxy for a webserver hosting virtual domains. I cannot get Squid to pass the client IP to the webserver, no matter what I try. I have tried setting forwarded_for and the XFF header to different values, but all I keep seeing is Squid's IP in Apache's access log, even if I set forwarded_for to "delete".
Would someone mind looking over my config, pls?
# Reverse-proxy (accelerator) listener; "vhost" selects the site from the Host header.
http_port 80 accel vhost
visible_hostname xxx.xxx.xxx
# "on" makes Squid append the connecting client's address to the X-Forwarded-For
# request header. It does not change the TCP source address the origin sees, so an
# access log that records the connection peer (Apache's %h) will still show Squid.
# The origin has to log or consume the header instead, e.g. %{X-Forwarded-For}i.
# NOTE(review): only the entry Squid appends is trustworthy; anything already in the
# header was supplied by the client. The origin should honour X-Forwarded-For only on
# connections that come from this proxy's address.
forwarded_for on
shutdown_lifetime 5 seconds
# Cache-manager requests (cache_object scheme); restricted to localhost below.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
# NOTE(review): "localnet" is defined here but no http_access rule in this listing uses it.
acl localnet src xxx.xxx.xxx.0/24 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# http_access rules are evaluated top to bottom and the first match wins, so the
# deny rules below must stay ahead of the site allow rule further down.
http_access allow localhost manager
http_access deny manager
# Reject requests whose destination port is not 80 or 443.
acl Safe_ports port 80 443
http_access deny !Safe_ports
# Reject CONNECT to anything other than port 443.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
# NOTE(review): confirm "SSL" is a protocol name this Squid version accepts in a proto ACL.
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto
################# BEGIN MAIN SERVER ########################
# Origin web server as the only parent: plain HTTP on port 80, ICP disabled (0, no-query).
# NOTE(review): the origin should accept connections on this port only from the proxy,
# otherwise clients can bypass these ACLs and send their own X-Forwarded-For directly.
cache_peer xxx.xxx.xxx.xxx parent 80 0 no-query originserver name=mainwebserver
# Only these hosted domains (and their subdomains) are accepted and forwarded.
acl mainwebserver_cached_sites dstdomain .site1.com .site2.com
http_access allow mainwebserver_cached_sites
cache_peer_access mainwebserver allow mainwebserver_cached_sites
cache_peer_access mainwebserver deny all
################### END MAIN SERVER ########################
# NOTE(review): presumably carried over from the stock forward-proxy config; confirm
# it is wanted in accelerator mode.
hierarchy_stoplist cgi-bin ?
# Disk cache is commented out, so no cache_dir is configured in this listing.
#cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic URLs (cgi-bin or a query string) get no heuristic freshness lifetime.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Default deny: anything not explicitly allowed above is refused.
http_access deny all