Re: [squid-users] IP passthrough the cache

From: Laurent HENRY <laurent.henry@dont-contact.us>
Date: Wed, 22 Jan 2003 15:10:06 +0100

I mean it works using the remote application and passing by the proxy.
so i guess it passes by the proxy but the end application doesn't see the
proxy address and know it is for one of it registred client.

in my squid.conf :
forwarded_for on

Le Mercredi 22 Janvier 2003 15:01, Marc Elsen a écrit :
> Laurent HENRY wrote:
> > Hi,
> > thank you for your answer. Unfortunately, i told them the same but they
> > don't seem to give a damn about my complains.
> > What i don't understand is what (without any special squid configuration)
> > it works with some workstations (Win$) and some not at all(MacOs/Linux).
>
> Not sure what you mean by 'it works' here, you mean just Internet
> access or using the remote application ?
>
> > Can you tell me more about the X-Forward and the use of it in this
> > particular bad case ?
>
> From squid.conf.default
>
>
> # TAG: forwarded_for on|off
> # If set, Squid will include your system's IP address or name
> # in the HTTP requests it forwards. By default it looks like
> # this:
> #
> # X-Forwarded-For: 192.1.2.3
> #
> # If you disable this, it will appear as
> #
> # X-Forwarded-For: unknown
> #
> #Default:
> # forwarded_for on
>
> It remains at the discretion of the remote webserver to use that info,
> but as stated, it would probably be very easy to work around such
> auth schemes.
>
> > Le Mercredi 22 Janvier 2003 14:27, vous avez écrit :
> > > Laurent HENRY wrote:
> > > > hi,
> > > >
> > > > i come back on an old topic i found in the archives of the mailing
> > > > list, a thread named "Passthrough TCP/IP address".
> > > > I'm facing exactly the same problem now and i don't know how to
> > > > resolve it.
> > > >
> > > > Some of the client of my network need to connect to a website using
> > > > an IP address access lists (for a paying subscription).
> > > > My clients can't have Internet access without the proxy, so i can't
> > > > give them direct access to the site and bypass the squid as told in
> > > > the thread. The foreign webserver wants to see the IP of the client
> > > > and only get the IP of my proxy, so they are refused.
> > > > Can i configure the proxy to make something resolving the problem ?
> > > >
> > > > This case is very hard to understand for me because some client
> > > > systems seems to actually pass through and some not;this without any
> > > > action from me...
> > >
> > > Tell the remote server (service), to look at the X-Forwarded-for
> > > field in the http request send by out.
> > > Usage of this header is controlled in squid.conf.
> > >
> > > Anyway, we were faced with similar problems in the past : modern
> > > webserver will use authentication based upon usernames/password etc.
> > >
> > > Why , because i a higher level application should use high level
> > > authentication schemes (tell them that :-).
> > >
> > > IP in the current internet world is being hacked-around all the time,
> > > NAT-ing , routers+NAT, Firewall-NAT , etc. can make in this world
> > > that any ip address can 'represent' many hosts.
> > >
> > > So they are simply implementing poor auth. schemes,...
> > >
> > > M.
Received on Wed Jan 22 2003 - 07:10:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:47 MST