Re: 1st post

From: Tilman Schmidt <Tilman.Schmidt@dont-contact.us>
Date: Mon, 14 Feb 2000 11:22:54 +0100

At 17:04 14.02.00 -0800, Mick Hanna wrote:
>what i wish to do is make the 3 client connect directly with the apache
>server via squid and all other web requests to go out to the internet.

This is a contradiction in itself. "Via" is not "direct". Your clients
can connect either directly or via Squid.

>i use the never_direct directive as such:
>acl mydomain dstdomain mydomain.net
>never_direct deny mydomain.net
>never_direct allow all
>
>thing seem to be working but upon looking at the apache_access log, i see
>that the requests from the local clients to the local apache server are
>getting logged as comming from frontier (the server itself)
>squid logs say the correct thing ie (coming from the clients ip addresses)
>this makes it hard to impliment apache auth stuff.

Both logs are correct as far as they go. Squid is a proxy, i.e.
it connects to the server on behalf of the clients. By
consequence, the server sees the requests as coming from Squid.

>if i edit the browsers bypass proxy for domain it logs correctly.
>but if i could do this from squid it would be cleaner :)

This is logically impossible. The only entity which can decide
whether the connection should be direct or via a proxy, is the
client. Squid only gets involved in a request if the client has
already decided to use it, i.e. *not* to connect directly to
the server. There is no way to make an indirect connection
direct after the fact.

What I'd recommend in this scenario is using a proxy auto-
configuration (PAC) script. This allows you to maintain your
clients' proxy settings centrally.

-- 
Tilman Schmidt          E-Mail: Tilman.Schmidt@sema.de (office)
Sema Group Koeln, Germany       tilman@schmidt.bn.uunet.de (private)
Received on Mon Feb 14 2000 - 03:33:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:12 MST