Re: Passthrough TCP/IP address

From: Duane Wessels <>
Date: Wed, 22 Jan 97 14:04:07 -0800 writes:

> Is there anyway to get the Squid proxy server to send the
>TCP/IP address the machine hitting the web server via the proxy? That is, say
>John Q. Public is on and is using Netscape which in turn
>uses a proxy server on Now John clicks on a link to
> Normally the web server would see
> calling. How would one configure the proxy server to
>tell that it is calling?

See the 1.1 Release Notes:

X-Forwarded-For request header
Squid used to add a request header called "Forwarded" which appeared
in some early HTTP/1.1 draft documents. This header had the format

    Forwarded: by cache-host for client-address

Current HTTP/1.1 draft documents instead use the "Via" header, but it
does not provide any standard way of indicating the client address
in the request. Since a number of people missed having the originating
client address in the request, Squid now adds its own request header
called "X-Forwarded-For" which looks like this:

    X-Forwarded-For:, unknown,

Entries are always IP addresses, or the word "unknown" if the address
could not be determined or if it has been disabled with the
'forwarded_for' configuration option.

We must note that access controls based on this header are extremely
weak and simple to fake. Anyone may hand-enter a request with any IP
address whatsoever. This is perhaps the reason why client IP addresses
have been omitted from the HTTP/1.1 specification.

Duane W.
Received on Wed Jan 22 1997 - 14:10:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:09 MST