Re: [squid-users] users proxy IP

From: Daniel Barron <[email protected]>
Date: Thu, 08 Nov 2001 11:29:35 GMT

In message <3BCAD666.831CEDDB@marasystems.com>
          Henrik Nordstrom <hno@marasystems.com> wrote:
> pankaj patel wrote:
> >
> > Than is there any way todo that, cause i also want to do the same thing ,
> > users to be seeing with their IP??s from the outside
> >
> > Thanks
> > pankaj

> Not really. To make the connections look like they come from the
> client's IP, the proxy must spoof the client IP. This is not something
> which can be easily done and requires changes to both Squid and the host
> where Squid runs, and even then is only possible in very specific
> network configurations.
>
> What Squid does it to send the clients IP in the added request header
> X-Forwarded-For. Servers who are interested in knowing who the client
> behind the proxy is may use this header.

This is very interesting. I understand that squid itself does not support
the X-Forwarded-For header entry. But is there a way to do this?

I would like to:

a) modify the log setting so that it logs the results from an XFF entry and
this can be in addition or in replacement for the source ip entry.

b) set up ACLs according to the X-Forwarded-For header value.

How do I do this? I've looked at the FAQ and not found the answer and had
a look at quite a few mailing list archive entries with the word 'forwarded'
in and not found the answer. Infact this is how I came to this email that
is quoted. I've also looked at the squid.conf and not seen a way to do this.
Also the ACL information in the FAQ suggests that b) is impossible.

Can you help? Or do you know where I can find the information.

-- 
Daniel Barron
Received on Thu Nov 08 2001 - 04:38:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:58 MST