Re: Original header forwarding.

From: Walter Klomp <>
Date: Mon, 8 Sep 1997 22:01:42 +0800

 Thanks, I already found out how to do it this afternoon.

HTTP_X_FORWARDED_FOR will do the trick. I use it for local users only, but
sometimes these people don't set the proxy or do, but don't exclude my site,
so that's why I need the feature. Anyway squid supports it.

Thanks for the replies anyway.


-----Original Message-----
From: Christopher Davis <>
To: Walter Klomp <>
Cc: <>
Date: Monday, September 08, 1997 9:23 PM
Subject: Re: Original header forwarding.

>WK> == Walter Klomp <>
> WK> Is it possible for squid to forward the original requester
> WK> (end-user) address in the REMOTE_ADDR field of a HTTP request, and
> WK> if so, how is it done? I.e. how do I read this (new) variable in my
> WK> cgi-bin script if the requester goes though proxy?
>The REMOTE_ADDR variable is set by the HTTP server to equal the address
>it's actually connected to; this will be the proxy server when one is in
>use. Different proxies may send the original client's address in an
>HTTP header, but any such assertion supplied over the connection should
>not be used for authentication or access control in ANY WAY; it's
>trivial to lie about. (Some proxies are configured not to give the
>information out anyway; squid can do this, for example.)
> WK> I am asking this question because I think this is a good feature to
> WK> have and it will solve problems like or other cgi-bin
> WK> scripts which look at the originating address and act accordingly.
>The originating address itself is not suitable for authentication; it's
>too easily spoofed. If browser authors were less interested in flashy
>features, they'd have implemented digest authentication by now, and we
>could just use that for a much stronger form of authentication; as it
>is, either SSL (overkill) or Basic authentication (easily snooped) are
>the only two usable options.
Received on Mon Sep 08 1997 - 07:04:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:36:56 MST