Hello Amos,
thank you for your answer.
I did add the follow_x_forwarded_for allow localhost and it did what I
wanted to.
With regards to the security warnings, I am ok with it as all users
have the same acl.
Regards,
Hugo
On 12 August 2011 15:23, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 13/08/11 00:47, Hugo Deprez wrote:
>>
>> Dear community,
>>
>> I am trying To configure dansguardian with squid3.
>> I am running debian squeeze.
>>
>> Everything is working but I am trying to have the real IP source in
>> the squid's access.log file.
>>
>> I configured forwardedfor = on in dansguardian.conf,
>>
>> When I check The access.log file, i only see 127.0.0.1 as source of the
>> request.
>>
>> I did a network packet capture. And I found the field X-forwarded-for was
>> like :
>>
>> http.x_forwarded_for == "192.168.200.1, 127.0.0.1"
>>
>> In squid.conf I used the following log configuration :
>>
>> logformat combined %>a %>a %>A %>p %la %lp %ui %un
>> [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %>Hs %<st
>> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
>> access_log /var/log/squid3/access.log combin
>>
>> But %>a is still return 127.0.0.1.
>>
>> So is there a way to change the behaviour in order to show the real IP
>> address ?
>
> log_uses_indirect_client on
>
>>
>> Or is there a way to hide source 127.0.0.1 ?
>
> You define in squid.conf that 127.0.0.1 has a proxy you *trust* not to lie
> to you in its XFF header.
>
> Please read the security warnings about follow_x_forwarded_for
> http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
>
>
> follow_x_forwarded_for allow localhost
>
> NP: assuming that you still have the default localhost definition
> configured.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.14
> Beta testers wanted for 3.2.0.10
>
Received on Tue Aug 16 2011 - 15:38:38 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 16 2011 - 12:00:02 MDT