Re: [squid-users] Ip Squid => Request => Access Refused

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Tue, 04 Nov 2003 13:34:30 +0100

ROUTIER Gilles wrote:
>
> Hy,
>
> I would like that Squid presente with @ the IP of the customer when it
> carries out a request.
> Because currently, squid returns its IP to carry out its request what
> poses problems of safety measures.
>
> Exemple :
> The customer is authorized to connect itself with his @ IP to a http
> server.
> When it is connected, the http server receives to it @ IP of Squid and
> returns to him like message: "Refused Access"
>
> Thanks
> Gil

 Basically , unavoidable by the nature of using the Squid proxy.
 Remote server can use the X-Forwarded-for field added by squid
 to the request to add the client ip.

 Squid can not presents itself with the ip of the customer, it's an
 app. not a network protocol.

 Basically, IP based auth. these days is outdated (conceptually).
 In today's Internet IP has been turned around into some
 kind of Superlan protocol (Nating tricks. e.d.). Make any source IP
 in most cases quite irrelevant in the context of app. authentication.

 Advise the remote site to use username/pw. authentication, for
instance.

 M.

-- 
 'Love is truth without any future.
 (M.E. 1997)
Received on Tue Nov 04 2003 - 05:34:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:05 MST