Re: [SQU] Squid for cache only

Awie,
    There is no way today to have the traffic sent with a src ip address of your client machine. Squid (and MS Proxy & net appliance
& novell ICS & ...) are _proxy_ servers. That means that they make the request on your clients behalf.

There are some _theoretical_ ways to do that in the future, but no one has started work on them AFAIK. (Long hard process to get
that sort of IP protocol violation working properly.

The X-Forwarded-For HEADER will show the ip address of the client machine the request was forwarded for. UUNET need to alter their
logging to see that. However you have logs that you can use and match the timings of the log entries to find out who the user is.
That log information is probably private and covered by privacy laws in your country though - speak with your companies provacy
officer before disclosing the log data.

If the user is from your network UUNET are actually correct in coming to you. You (your company) are responsible for users from
within your networks. You should have an Acceptable Use Policy that covers actions such as the user took, and thus you should be
able to give them a warning of some sort. If UUNET did see the users IP, then they would track down the APNIC contact for that IP
block, and contact them - which is probably your boss :-].

In short, logging the true IP is not a serious issue in my opinion, educating your users, and being ready to work with UUNET to
identify the malicious user from your network is a better approach.

Rob

----- Original Message -----
From: "Awie" <awie@eksadata.com>
To: "Ilker Gokhan" <IlkerG@sumerbank.com.tr>; "Colin Campbell" <sgcccdc@citec.qld.gov.au>
Cc: "M. Yu" <myu@websprinter.net>; <squid-users@ircache.net>
Sent: Friday, January 19, 2001 3:48 AM
Subject: Re: [SQU] Squid for cache only

Re: [SQU] Squid for cache onlyIlker,

I tried to access internet link that directly use our IX link (I shutdown my Squid). My IP is apprear when I access
http://advanced-ip.crt1.net/ . I know that our IX is use old version of Squid.

My last question is;

Does TAG: forwarded_for on|off (that by default set to ON) will "expose" Squid's IP or browser IP?

We are blamed by UUNET that one of our user attacking their client WEB pages. Unfortunately, our Squid's IP is appearing in their
LOG. It seems all of HTTP request use the IP of Squid.

That's why I am looking for a way how to expose browser IP. As I remember, when I access internet through our Squid. There was
Squid's IP appearing at Yahoo's page that capable to show IP of requestor.

Please advise. Thx

Best Regards,

Awie

----- Original Message -----
  From: Ilker Gokhan
  To: 'Awie' ; Colin Campbell
  Cc: M. Yu ; squid-users@ircache.net
  Sent: Thursday, January 18, 2001 4:04 PM
  Subject: Re: [SQU] Squid for cache only

  # TAG: forwarded_for on|off
  # If set, Squid will include your system's IP address or name
  # in the HTTP requests it forwards. By default it looks like
  # this:
  #
  # X-Forwarded-For: 192.1.2.3
  #
  # If you disable this, it will appear as
  #
  # X-Forwarded-For: unknown
  #
  #forwarded_for on

  So you can check IP address of your client and proxy from here:
  http://advanced-ip.crt1.net/

  Hope this helps,
  Ilker G.

> Kimden: Awie [mailto:awie@eksadata.com]
> Tarih: Thursday, January 18, 2001 8:05 AM
> Kime: Colin Campbell
> Bilgi: M. Yu; squid-users@ircache.net
> Konu: Re: [SQU] Squid for cache only
>
>
> Colin,
>
> Many thanks for your explanation. However, I am a still
> curious to have
> trick, tools or utility (or something else) about how to expose the
> "requestor"...and Squid still able to do its job.
>
> Does Squid have ability to do that?
>
> Again, thank you so much for your help
>
>
> Best Regards,
>
> Awie
>
> ----- Original Message -----
> From: "Colin Campbell" <sgcccdc@citec.qld.gov.au>
> To: "Awie" <awie@eksadata.com>
> Cc: "M. Yu" <myu@websprinter.net>; <squid-users@ircache.net>
> Sent: Thursday, January 18, 2001 11:53 AM
> Subject: Re: [SQU] Squid for cache only
>
>
> > Hi,
> >
> > On Thu, 18 Jan 2001, Awie wrote:
> >
> > > Thanks M. Yu ! My main concern is how to expose our client's IP to
> internet
> > > although their request is through Squid.
> > >
> > > My IX (Internet eXchange) is also use Squid (even version
> 1.x). If I
> check
> > > the IP that I use, it is MINE ! So, I think that M. Yu is right.
> > >
> > > Folk, is there a setting to do that M. Yu explain?
> >
> > Let me explain how a browser and a proxy interact. Let's
> assume we are
> > trying to get to www.squid-cache.org.
> >
> > 1. No proxy/cache configured in browser.
> >
> > o user types: http://www.squid-cache.org/index.html
> > o browser connects to www.squid-cache.org
> > o browser sends "GET /index.html HTTP/1.0" followed by
> > some HTTP headers to the server
> >
> > There is only one TCP connection: from the browser to the server.
> > Therefore the server sees the browser IP in the connection
> and the browser
> > sees the server.
> >
> > 2. Now lets configure a proxy in the browser
> >
> > o user types: http://www.squid-cache.org/index.html
> > o browser consults its proxy configuration
> > o browser connects to proxy
> > o browser sends "GET http://www.squid-cache.org/index.html
> HTTP/1.0" plus
> > some HTTP headers to the proxy.
> > o proxy connects to www.squid-cache.org
> > o proxy sends "GET /index.html HTTP/1.0" plus some HTTP
> headers to the
> > server
> >
> > Now you can see there are TWO connections: browser-proxy
> and proxy-server.
> > The browser never sees the server and the server never sees
> the browser.
> >
> > When the proxy sends the "GET ..." plus headers, it can do
> what it likes
> > to the headers passed in by the browser. It can ignore them
> totally, it
> > can add to them, it can leave some out. M. Yu (I believe)
> was referring to
> > the option where the proxy will insert an HTTP header which
> has the client
> > IP address in it. The server can use that for logging but
> it is NOT the
> > address it sees in the IP packets.
> >
> > There are a number of good reasons why it is pointless
> having the proxy
> > send packets with the IP address of the client browser as the source
> > IP. The main one is the proxy would then be useless cos the
> server would
> > send the packets back to the client, not the proxy.
> >
> > Colin
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

  Bu e-postada bulunan tüm fikir ve görüsler ve ekindeki dosyalar sadece adres sahib(ler)ine ait olup, Sümerbank A.S hiç bir sekilde
sorumlu tutulamaz.

  The information contained in this E-Mail and any files transmitted with it are intended solely for the use of the individual or
entity to whom they are addressed and do not reflect those of Sumerbank A.S.

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html