Colin,
Many thanks for your explanation. However, I am a still curious to have
trick, tools or utility (or something else) about how to expose the
"requestor"...and Squid still able to do its job.
Does Squid have ability to do that?
Again, thank you so much for your help
Best Regards,
Awie
----- Original Message -----
From: "Colin Campbell" <sgcccdc@citec.qld.gov.au>
To: "Awie" <awie@eksadata.com>
Cc: "M. Yu" <myu@websprinter.net>; <squid-users@ircache.net>
Sent: Thursday, January 18, 2001 11:53 AM
Subject: Re: [SQU] Squid for cache only
> Hi,
>
> On Thu, 18 Jan 2001, Awie wrote:
>
> > Thanks M. Yu ! My main concern is how to expose our client's IP to
internet
> > although their request is through Squid.
> >
> > My IX (Internet eXchange) is also use Squid (even version 1.x). If I
check
> > the IP that I use, it is MINE ! So, I think that M. Yu is right.
> >
> > Folk, is there a setting to do that M. Yu explain?
>
> Let me explain how a browser and a proxy interact. Let's assume we are
> trying to get to www.squid-cache.org.
>
> 1. No proxy/cache configured in browser.
>
> o user types: http://www.squid-cache.org/index.html
> o browser connects to www.squid-cache.org
> o browser sends "GET /index.html HTTP/1.0" followed by
> some HTTP headers to the server
>
> There is only one TCP connection: from the browser to the server.
> Therefore the server sees the browser IP in the connection and the browser
> sees the server.
>
> 2. Now lets configure a proxy in the browser
>
> o user types: http://www.squid-cache.org/index.html
> o browser consults its proxy configuration
> o browser connects to proxy
> o browser sends "GET http://www.squid-cache.org/index.html HTTP/1.0" plus
> some HTTP headers to the proxy.
> o proxy connects to www.squid-cache.org
> o proxy sends "GET /index.html HTTP/1.0" plus some HTTP headers to the
> server
>
> Now you can see there are TWO connections: browser-proxy and proxy-server.
> The browser never sees the server and the server never sees the browser.
>
> When the proxy sends the "GET ..." plus headers, it can do what it likes
> to the headers passed in by the browser. It can ignore them totally, it
> can add to them, it can leave some out. M. Yu (I believe) was referring to
> the option where the proxy will insert an HTTP header which has the client
> IP address in it. The server can use that for logging but it is NOT the
> address it sees in the IP packets.
>
> There are a number of good reasons why it is pointless having the proxy
> send packets with the IP address of the client browser as the source
> IP. The main one is the proxy would then be useless cos the server would
> send the packets back to the client, not the proxy.
>
> Colin
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Jan 17 2001 - 23:03:50 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:29 MST