Re: [SQU] source IP restriction problem

From: Carl Li <zmli@dont-contact.us>
Date: Tue, 14 Nov 2000 10:31:48 +0800

Thank you, sir. You know, we have bought some web database service from a foreign university's library, which uses source IP for authentication. If we use Squid as a proxy and Squid's IP cannot be authenticated by the web server, then we will not get the service we bought. It's a critical problem. So we want Squid to just forward the client's request to the web server without any change to the request's IP address. Can Squid do it in this way?

thanks again!

best regards,

Carl

 
----- Original Message -----
From: "Jens-S. Voeckler" <voeckler@rvs.uni-hannover.de>
To: "Carl Li" <zmli@cernet.edu.cn>
Cc: <squid-users@ircache.net>
Sent: Monday, November 13, 2000 5:37 PM
Subject: Re: [SQU] source IP restriction problem

> On Mon, 13 Nov 2000, Carl Li wrote:
>
> ]We want to establish a nationwide cache mesh with Squid. But first we
> ]have to check if SQUID can be configured for *TOTAL TRANSPARENCY*. That
> ]means neither the browser nor the web server knows of the existence of Squid.
>
> Usually, you can trick most proxies - there is no such thing as total
> transparency, the reason WREC officially named them "interception
> proxies". In a request, there might be up to three destination addresses:
>
> a) the connect() address
> b) the URL address (only 1.1 and up, or proxy requests)
> c) the "Host:" header address
>
> Often, by maliciously setting one or two of the addresses to a different
> destination, you can detect an interception proxy based on the page
> delivered and the server queried.
>
> Ciao,
> Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
> Institute for Computer Networks and Distributed Systems (RVS)
> University of Hanover, Germany; ++49 511 762 4726
>
>

Received on Mon Nov 13 2000 - 19:36:48 MST
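
The three destination addresses listed in the quoted reply can be compared on the receiving side, for example by an interception proxy or a logging point that wants to flag requests where they disagree. The following is an added example, not part of the original thread and not Squid code; the function names, the sample hostnames and the static name table standing in for DNS are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name-to-address table standing in for DNS so the example runs offline.
SAMPLE_DNS = {"db.example.edu": {"192.0.2.10"}, "other.example.net": {"198.51.100.7"}}

def resolve(name):
    """Return the address set for a name; an IP literal resolves to itself."""
    try:
        return {str(ipaddress.ip_address(name))}
    except ValueError:
        return SAMPLE_DNS.get(name, set())

def request_targets(raw, connect_addr):
    """Extract the three destinations: connect() address, URL host, Host: header."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    # Only absolute-form request targets (proxy requests, HTTP/1.1) carry a host.
    url_host = urlsplit(target).hostname if "://" in target else None
    host_hdr = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host_hdr = urlsplit("//" + value.strip()).hostname  # drops any :port
            break
    return {"connect": connect_addr, "url": url_host, "host": host_hdr}

def mismatches(t, resolver=resolve):
    """List which of the three destinations disagree with each other."""
    found = []
    if t["url"] and t["host"] and t["url"] != t["host"]:
        found.append("url-vs-host")
    for key in ("url", "host"):
        if t[key] and t["connect"] not in resolver(t[key]):
            found.append(key + "-vs-connect")
    return found

# Constructed requests: the second names a different server in Host: than the
# address the client actually connected to.
CONSISTENT = b"GET / HTTP/1.1\r\nHost: db.example.edu\r\n\r\n"
SPLIT = b"GET http://db.example.edu/ HTTP/1.1\r\nHost: other.example.net:80\r\n\r\n"

if __name__ == "__main__":
    for raw in (CONSISTENT, SPLIT):
        t = request_targets(raw, "192.0.2.10")
        print(t, mismatches(t))
```

A proxy that trusts the "Host:" header alone when choosing the upstream server would fetch from a different machine than the one the client connected to in the second request, which is the disagreement the check reports.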
