I want to set up a squid gateway, which doesn't forward the X-Forwarded-For header to most of the websites. But I want it to be forwarded to a specific domain. Here's the sample I'm trying to accomplish:
Scenario 1: User visits Google.be . No X-Forwarded-For is send, since it's an internal IP address, so only the WAN Address should be visible in that header (eg 84.12.34.56).
Scenario 2: User visits some-online-service.ourcompany.be . The X-Forwarded-For is send, containing the local IP (e.g. 10.0.0.7), so my the some-online-service.ourcompany.be can see from where in our network the request origins.
I want to implement this as an extra security layer, so that people from e.g. the Sales dept cannot visit services for people from the R&D dept, even if they have one of the R&D usernames.
Is this actually possible? And if yes, can I do this with squid, or do I need other software? Are there any tutorials/manuals/etc on this subject?
Thank you,
Yvan
