Re: [squid-users] IP passthrough the cache

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Wed, 22 Jan 2003 14:27:30 +0100

Laurent HENRY wrote:
>
> hi,
>
> i come back on an old topic i found in the archives of the mailing list, a
> thread named "Passthrough TCP/IP address".
> I'm facing exactly the same problem now and i don't know how to resolve it.
>
> Some of the client of my network need to connect to a website using an IP
> address access lists (for a paying subscription).
> My clients can't have Internet access without the proxy, so i can't give them
> direct access to the site and bypass the squid as told in the thread.
> The foreign webserver wants to see the IP of the client and only get the IP
> of my proxy, so they are refused.
> Can i configure the proxy to make something resolving the problem ?
>
> This case is very hard to understand for me because some client systems seems
> to actually pass through and some not;this without any action from me...

 Tell the remote server (service), to look at the X-Forwarded-for
 field in the http request send by out.
 Usage of this header is controlled in squid.conf.

 Anyway, we were faced with similar problems in the past : modern
 webserver will use authentication based upon usernames/password etc.

 Why , because i a higher level application should use high level
 authentication schemes (tell them that :-).
 
 IP in the current internet world is being hacked-around all the time,
 NAT-ing , routers+NAT, Firewall-NAT , etc. can make in this world
 that any ip address can 'represent' many hosts.

 So they are simply implementing poor auth. schemes,...

 M.

-- 
 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)
Received on Wed Jan 22 2003 - 06:27:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:47 MST