Re: [squid-users] Squid IP Presentation

From: Henrik Nordstrom <>
Date: Wed, 14 Mar 2001 22:19:48 +0100

It is not possible with Squid without quite a bit of hacking, and even
then it is only possible if Squid runs as the gateway (or some quite
complex routing is set up).

Why: To make it work, the Squid proxy must spoof the client IP address,
and spoofing is a servere violation of any IP standards. If there is any
route from the origin servers to the clients which does not go via the
proxy server then this spoofing is bound to fail, and even if it isn't,
it will still break some other things quite unexpectedly.

No, most vendors does not support this by default. Some have it as an
option you can enable in certain specific conditions.

Yes, at least one have done this with Squid.

No, I do not have the patches required (both Squid and Linux kernel
patching required).

Henrik Nordstrom
Squid hacker
Michael Baird wrote:
> I've looked through the mailing list and see several references from
> user's, wondering how to get squid to present the cache client's IP
> rather then the IP of the Squid machine it's running on. I've seen
> Henrik report it's possible (Cisco Cache's for example, present the
> client's IP, as do most caching software I've seen), does anybody have
> any further information on how to make this work, currently this is the
> only downside involved with using the squid cache. Websites, sometimes
> don't like it when suddenly when going to an SSL page the IP of the
> client changes, and also multiple users on the same sites and such, the
> way I see it, pretty much the entire problem with running the squid
> cache is related to this one thing.  I'm looking for someone who's made
> this work, I'm using linux2.4/IPtables/Squid2.4PreStable2, and some kind
> examples of the implementation would be nice too.
> Regards
Received on Wed Mar 14 2001 - 14:30:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:38 MST