反向代理模式下未轉發客戶端IP的魷魚

Question

我正在使用Squid 3.1.10（最新版本爲CentOS 6.4）作爲託管虛擬域的網絡服務器的反向代理。無論我嘗試什麼，我都無法讓Squid將客戶端IP傳遞給網絡服務器。我已經嘗試設置forwarded_for和XFF頭以不同的值，但我一直看到的是Squid的ip在Apache的訪問日誌中...即使我設置forwarded_for「刪除」。

有人會介意查看我的配置，請問？

http_port 80 accel vhost 

visible_hostname xxx.xxx.xxx 

forwarded_for on 

shutdown_lifetime 5 seconds 

acl manager proto cache_object 
acl localhost src 127.0.0.1/32 ::1 

acl localnet src xxx.xxx.xxx.0/24 # RFC1918 possible internal network 
acl localnet src fc00::/7   # RFC 4193 local private network range 
acl localnet src fe80::/10   # RFC 4291 link-local (directly plugged) machines 


http_access allow localhost manager 
http_access deny manager 

acl Safe_ports port 80 443 
http_access deny !Safe_ports 

acl SSL_ports port 443 
acl CONNECT method CONNECT 
http_access deny CONNECT !SSL_ports 

acl Safe_proto proto HTTP SSL 
http_access deny !Safe_proto 


################# BEGIN MAIN SERVER ######################## 

cache_peer xxx.xxx.xxx.xxx parent 80 0 no-query originserver name=mainwebserver 
acl mainwebserver_cached_sites dstdomain .site1.com .site2.com 

http_access allow mainwebserver_cached_sites 

cache_peer_access mainwebserver allow mainwebserver_cached_sites 
cache_peer_access mainwebserver deny all 


################### END MAIN SERVER ######################## 


hierarchy_stoplist cgi-bin ? 

#cache_dir ufs /var/spool/squid 100 16 256 

coredump_dir /var/spool/squid 


# Add any of your own refresh_pattern entries above these. 
refresh_pattern ^ftp:  1440 20% 10080 
refresh_pattern ^gopher: 1440 0% 1440 
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 
refresh_pattern .  0 20% 4320 

http_access deny all 

Answer 1

該IP被轉發，它是Apache上沒有使用它的日誌記錄目的。簡單地爲apache安裝mod_rpaf有訣竅。