Re: Fw: [SQU] source IP restriction problem from Wenzhuo Zhang on 2000-11-14 (squid-users)

From: Wenzhuo Zhang <wenzhuo@dont-contact.us>
Date: Wed, 15 Nov 2000 12:36:43 +0800

On Wed, Nov 15, 2000 at 12:07:48PM +0800, Carl Li wrote:
> Is there anyone can help me? Can Squid forward client's request with client's original IP ?
>
You can do this in the routers or in the OS where squid is running on.
If you run linux, you can do this using ipchains.

Wenzhuo

> thanks!
>
> Carl
>
>
> ----- Original Message -----
> From: "Jens-S. Voeckler" <voeckler@rvs.uni-hannover.de>
> To: "Carl Li" <zmli@cernet.edu.cn>
> Sent: Tuesday, November 14, 2000 6:26 PM
> Subject: Re: [SQU] source IP restriction problem
>
>
> > On Tue, 14 Nov 2000, Carl Li wrote:
> >
> > ]Thank you sir. You know, we have bought some web database service from
> > ]foreign university's library which uses source-IP for authentication. If
> > ]we use Squid as a proxy and Squid's IP cannot be authenticated by the
> > ]web server, then we will not get the service we bought. It's a critical
> > ]problem. So, we want Squid just forward client's request to the web
> > ]server without any change to the request's IP address. Can Squid do it
> > ]in this way?
> >
> > This is the n-th time I have heard that some university libraries use IP
> > based authentication. Probably some lib thought it is a great idea and
> > everylib else followed the Lemmings. IP based authentication is as much a
> > quick hack as it is *not* secure. So if everyone pressures their
> > respective library services to use a *decent* scheme, supposedly based on
> > some secure authentication protocol which is independent of the transport
> > protocol, hopefully the issue will die out some day soon.
> >
> > Your question, though, can better be answered by someone who actually does
> > "transparent" things with Squid.
> >
> > Sigh,
> > Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
> > Institute for Computer Networks and Distributed Systems (RVS)
> > University of Hanover, Germany; ++49 511 762 4726
> >
> >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Tue Nov 14 2000 - 21:41:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:22 MST