Re: Squid & REMOTE_ADDR

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Wed, 23 Jun 1999 10:07:10 -1000 (HST)

Brad Groshok writes:
> Evening all (again).
>
> Squid up and running like a dream on a PII-350,768Meg-ram on FreeBSD, 3*9Gig.
> Running transparent mode with cisco router. Squid Cache: Version 2.2.STABLE3
>
> Problem I'm having is:
> On a couple of our Sun Web servers (apache) we have some cgi programs that
> rely on the REMOTE_ADDR field to contain the ip address of the customer
> that is running the CGI (used for identifying local customers in data-base).
> Anyway with Squid running the REMOTE_ADDR as far as the cgi program is
> concerned is the ip address of the squid server, instead of the ip address
> of the dialed-in customer.
>
> I've run through the squid.conf file and tried a couple possibilities, but
> basically struck out.
>
> There might be a couple ways to skin this cat, but basically I guess I'm
> looking to allow requests to pass right through squid if they are accessing
> particular cgi programs or maybe even all cgi's hosted under a certain domain.

  I'm sure you'll get a definitive answer from one of the Squid gurus,
but I certainly haven't seen any way to do this in Squid. I also don't
*think* the Cisco route-map or redirect acls have a way to do this
based on bypassing redirects by matching strings within the URL.

  I think there *are* options on some of the layer 4 switches to track
TCP/IP sessions and do this kind of IP translation in each direction -
so the CGI server gets packets with the IP address of the client (but
the MAC addresss of your Squid server) - or to do matching of cgi
strings within the URL and decide not to redirect those requests to
your Squid server. I'm pretty sure you can do that with the ServerIron
switch we're testing now. You're probably talking about a $6K-10K
investment, if you decide to solve your problem that way. (On the
other hand, you get some other benefits like load-balancing and
transparent fail-over of cache servers, etc.)

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Wed Jun 23 1999 - 13:55:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:58 MST