Re: Passthrough TCP/IP address

From: Duane Wessels <wessels@dont-contact.us>
Date: Wed, 22 Jan 97 14:04:07 -0800

blape@utk.edu writes:

>
> Is there anyway to get the Squid proxy server to send the
>TCP/IP address the machine hitting the web server via the proxy? That is, say
 
>John Q. Public is on pc101.someplace.edu and is using Netscape which in turn
>uses a proxy server on bigmachine.someplace.edu. Now John clicks on a link to
 
>http://someother.place.edu/index.html. Normally the web server would see
>bigmachine.someplace.edu calling. How would one configure the proxy server to
 
>tell someother.place.edu that it is pc101.someplace.edu calling?

See the 1.1 Release Notes:

X-Forwarded-For request header
==============================================================================
Squid used to add a request header called "Forwarded" which appeared
in some early HTTP/1.1 draft documents. This header had the format

    Forwarded: by cache-host for client-address

Current HTTP/1.1 draft documents instead use the "Via" header, but it
does not provide any standard way of indicating the client address
in the request. Since a number of people missed having the originating
client address in the request, Squid now adds its own request header
called "X-Forwarded-For" which looks like this:

    X-Forwarded-For: 128.138.243.150, unknown, 192.52.106.30

Entries are always IP addresses, or the word "unknown" if the address
could not be determined or if it has been disabled with the
'forwarded_for' configuration option.

We must note that access controls based on this header are extremely
weak and simple to fake. Anyone may hand-enter a request with any IP
address whatsoever. This is perhaps the reason why client IP addresses
have been omitted from the HTTP/1.1 specification.

Duane W.
Received on Wed Jan 22 1997 - 14:10:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:09 MST