Re: [squid-users] Downstream proxy, X-Forwarded-For and ips logged in squid

----- Original Message -----
From: "Daniel Barron" <squidguard@jadeb.com>
To: <squid-users@squid-cache.org>
Sent: Monday, June 18, 2001 12:11 AM
Subject: Re: [squid-users] Downstream proxy, X-Forwarded-For and ips
logged in squid

> In message <20010617053320.A23347@squid-cache.org> you wrote:
>
> > On Sun, Jun 17, 2001, Daniel Barron wrote:
> [snip]
> > > Is there another way in which squid could pick up and log the
source ip if
> > > it's going through a downstream proxy? RFC standard or not - as
long as its
> > > built-in by default?
> >
> > Well, you could always ask someone to code it for you.
> > We're more than flexible .. it doesn't _have_ to go into the
> > base distribution, but it has to be avaliable. :-)
>
> It's a kind offer, but I have to refuse. I'll explain...
>
> I'm writing DansGuardian (see sig) which uses squid to do all the
fetching.
> It acts as a pass-through filter. As expected, squid logs the source
ip
> as the loopback (if dg is running on the same machine), rather than
the
> client browser ip. This is not a big problem as the DG logs log the
ip
> instead, but a few of my users would like squid to log the client ip
and
> there is also a problem with squid and OWA (outlook web access) and as
far
> as I can tell, it's to do with the source ip changing. So that's why
I
> wanted the solution. I've added X-F-F to the header in DG to try to
solve
> it.

The OWA issue won't be due to the ip changing. OWA works with
two-proxies in series. There will most likely be a bug in either squid
or the DansGuardian proxy code.

> The current stable version of DG relies on two seperate libraries so
to
> install it you have to install and compile three things. This is bad
enough
> without having to patch squid. DG version 2 (being written) does not
need
> the libraries and so will be installable by RPM, but not if it
requires a
> patch to squid.
>
> So you can see my reason for wanting to be able to do it in a standard
> squid distribution.
>
> Thanks for the help. I'll report back to the DG mailing list the
findings.
>
>
> --
> Daniel Barron
> (Visit http://dansguardian.org/ - True web content filtering for all)
>
>
Received on Sun Jun 17 2001 - 07:48:22 MDT