Re: [squid-users] users proxy IP

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 15 Nov 2001 20:15:31 +0100

Squid needs a flexible log format implementation similar to the "custom"
log format of Apache. If you make a reasonable one it is very likely to
get incorporated into mainstream Squid.

Likewise for an X-Forwarded-For ACL match.

To get started, the ACL match is probably simpler.

Anyone wanting to take an active part in the Squid development process is
most welcome to do so. See devel.squid-cache.org for details.

Regards
Henrik Nordström
Squid Hacker

Daniel Barron wrote:
>
> First, thanks for the reply!
>
> In message <3BED10E1.B90EF19E@squid-cache.org>
> Henrik Nordstrom <hno@squid-cache.org> wrote:
>
> > Daniel Barron wrote:
> >
> > > a) modify the log setting so that it logs the results from an XFF entry
> > > and this can be in addition or in replacement for the source ip entry.
> >
> > Requires changes to the C code. You are welcome to add the code required,
> > but please keep in mind that headers can easily be forged so the header
> > should not be seen as more than advisory.
>
> The sort of environment I would want to use it in is schools (generally with
> young children) so forged HTTP headers would not be an issue ;)
>
> If I were to add the code required, is it likely to ever be incorporated into
> the main tree? The reason I ask is that as each new version of squid comes
> out I would need to repatch and recompile and I think that this feature would
> actually be really useful for some people, not just me.
>
> >
> > > b) set up ACLs according to the X-Forwarded-For header value.
> > >
> > > How do I do this? I've looked at the FAQ and not found the answer and
> > > had a look at quite a few mailing list archive entries with the word
> > > 'forwarded' in and not found the answer. In fact this is how I came to
> > > this email that is quoted. I've also looked at the squid.conf and not
> > > seen a way to do this. Also the ACL information in the FAQ suggests that
> > > b) is impossible.
> >
> > This too requires changes to the C code, but not very much.
>
> Again, the same question.
>
> Thanks for your time.
>
> --
> Daniel Barron
Received on Thu Nov 15 2001 - 12:26:59 MST
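
The caveat in this thread, that X-Forwarded-For can be forged and is only advisory, is the main design constraint for both the log field and the ACL match. The sketch below is an added example, not Squid code and not from either poster: it consults the header only when the connecting peer is a trusted child proxy, and reads it right to left so that entries supplied by the client itself are never used. The function names, the trust list and the addresses are constructed assumptions, and it handles IPv4 only.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed trust list: child proxies allowed to vouch for a client. */
static const struct { const char *net; int bits; } trusted[] = {
    { "10.0.0.0", 24 },      /* hypothetical filtering proxies */
    { "127.0.0.1", 32 },
};

static int parse_v4(const char *s, uint32_t *out) {
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

static int is_trusted(uint32_t ip) {
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++) {
        uint32_t net, mask = trusted[i].bits ? ~0u << (32 - trusted[i].bits) : 0;
        if (parse_v4(trusted[i].net, &net) && (ip & mask) == (net & mask)) return 1;
    }
    return 0;
}

/* Returns the address to log or match ACLs against. The header is only
 * consulted when the TCP peer is trusted, and is read right to left so
 * anything to the left of the first untrusted hop is ignored. */
const char *effective_client(const char *peer, const char *xff, char *buf, size_t len) {
    uint32_t ip;
    char copy[256];
    snprintf(buf, len, "%s", peer);
    if (!xff || !parse_v4(peer, &ip) || !is_trusted(ip)) return buf;
    if (strlen(xff) >= sizeof copy) return buf;   /* oversized header: ignore it */
    strcpy(copy, xff);
    for (;;) {
        char *comma = strrchr(copy, ',');
        char *tok = comma ? comma + 1 : copy;
        tok += strspn(tok, " \t");
        tok[strcspn(tok, " \t")] = '\0';
        if (!parse_v4(tok, &ip)) return buf;      /* garbage: keep last vetted hop */
        snprintf(buf, len, "%s", tok);
        if (!is_trusted(ip) || !comma) return buf;
        *comma = '\0';                            /* trusted hop: look further left */
    }
}
```

Even with this check, the result is only as reliable as the trusted proxies themselves, so logging the TCP peer address alongside it keeps the record verifiable.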
