Error in "forwarded-for" address

From: Ross Wheeler <[email protected]>
Date: Tue, 20 May 1997 18:57:15 +1000 (EST)

Hello,
     I posted a message about this a few weeks ago, but didn't get _any_
response at all, so perhaps it failed to make the list?

I have a strange and intermittent problem with Squid 1.1.9 on FreeBSD
2.1.5, 8Gb SCSI drives, 64Mb RAM.

There are no errors being reported in the log, apart from some IP
mappings that didn't work (but these are at other sites beyond my control).

The problem is that I have some scripts that authenticate the (local)
user before specific action is taken - for instance, an itemised bill.
The user clicks on the "check bill" icon which calls a CGI script. If the
user is not using the proxy, but is one of our local hosts with a static
IP and hostname, all works fine. If the user is using the proxy, the
"remote host" is of course the proxy. I then take the value of the
"http_x_forwarded_for" variable and map it back from IP to user. This has
worked perfectly for 2 years, including the reasonable period of time I
was using squid 1.0.6, but with the change to 1.1.9, it *intermittently*
returns an incorrect IP address, which *is* a valid address, and always
seems to be someone else who is logged on.

I've gone through the logs, and indeed, squids own logs confirm that it
*thinks* the page was requested by the wrong person. Only sometimes. Most
of the time it's right.

I have not been able to find the common thread in this, so does anyone
have a suggestion of where I can look to find/fix the fault?

The cache is not particularly busy: about 2500 TCP connections/hour - but
the server is only running squid, and is typically at 98-99% free CPU.

All suggestions appreciated!

RossW
Received on Tue May 20 1997 - 01:57:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:13 MST