From bf63351ae14f331a52f4cbebff0f5b87e556de34 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Mon, 16 Apr 2012 12:43:58 +0200
Subject: [PATCH] don't hide x_Forwarded_For headers if havp is enabled

---
 ipasserelle-base.spec                                        |  5 ++++-
 .../e-smith/templates/etc/squid/squid.conf/96xForwardedFor   | 12 ++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/ipasserelle-base.spec b/ipasserelle-base.spec
index 8df6adc..72566be 100644
--- a/ipasserelle-base.spec
+++ b/ipasserelle-base.spec
@@ -1,4 +1,4 @@
-%define version 0.2.2
+%define version 0.2.3
 %define release 1
 %define name ipasserelle-base
 
@@ -45,6 +45,9 @@ Based on SMEServer, iPasserelle is a specially configured
 SME Server, with some additionnal modules
 
 %changelog
+* Mon Apr 16 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
+- Don't hide X_Forwarded_For headers in squid if havp is enabled
+
 * Fri Apr 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
 - Revert previous commit, bootstrap.min.css will go in webapps
 
diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor b/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor
index 3d856af..ceeaa58 100644
--- a/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor
+++ b/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor
@@ -1,6 +1,18 @@
+{
+
+if (($havp{'status'} || 'disabled') ne 'enabled'){
+    $OUT .=<<"EOF";
 
 acl localhost src 127.0.0.1
 follow_x_forwarded_for allow localhost
 forwarded_for off
 header_access X-Forwarded-For deny all
 
+EOF
+
+}
+else{
+    $OUT .= '';
+}
+
+}