Re: [squid-users] Always-Direct

From: Christoph Haas <email@dont-contact.us>
Date: Wed, 21 Dec 2005 16:06:21 +0100

Rick...

your application team is stupid. ;)

On Wednesday 21 December 2005 14:12, Rick G. Kilgore wrote:
> Our application team does not want to rewrite a program that relies
> heavily on the IP address to maintain the identity of a connection to
> the client. I hate this idea and want the application redone correctly.

If they are too lazy do fix that I can offer an (untested) nifty workaround
in case you use an Apache server. It takes the IP address from the
X-Forwarded-For line in the HTTP header and sets the REMOTE_ADDR
environment variable correctly (which is probably the address they are
using in a CGI to find out the source IP address of the requester):

SetEnvIf X-Forwarded-For (.*) REMOTE_ADDR=$1

Documented at:
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif

> It has been suggested that I use always-direct to bypass squid IP
> masking. My understanding was that always-direct just stopped the search
> of the cache and sends request directly to the listed server/s.

Neither. "always_direct" is used when you use a proxy chain (all your
requests are send upstream to another proxy server) to tell Squid to send
the requests *directly* to the web server instead of querying the parent
proxy in the chain. So it's not connected to your case. What you probably
think of is "no_cache" (which doesn't help either).

You can't do a thing about that on the proxy. Once the request is handled
by Squid the web server will see the proxy's IP address. (See also:
http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.13 - but you probably
don't want that.)

 Christoph

-- 
~
~
".signature" [Modified] 2 lines --100%--                2,41         All
Received on Wed Dec 21 2005 - 08:06:28 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:03 MST