Re: [squid-users] Downstream proxy, X-Forwarded-For and ips logged in squid

From: Daniel Barron <squidguard@dont-contact.us>
Date: Sun, 17 Jun 2001 12:23:53 GMT

In message <3B2C772E.148405B4@hem.passagen.se> you wrote:

> Daniel Barron wrote:
> >
> > I have a downstream proxy that adds X-Forwarded-For: to the header, but
> > squid still logs the source ip as that of the downstream proxy. Is there a
> > setting I need to change to (a) make it log the x-f-f ip, or (b) think of
> > the x-f-f ip as the source ip?
>
> Not implemented. You have to code it if you want it.

How dissapointing. AFAIK squid supports adding the X-F-F line to the header.
So it's odd and a shame it does not support it incomming.

Yes I could code it but I want to use a standard squid rather than a modified
version for my own reasons,

Is there another way in which squid could pick up and log the source ip if
it's going through a downstream proxy? RFC standard or not - as long as its
built-in by default?

>
> Note: X-Forwarded-For may contain a chain of IP's, and can easily be
> forged by malicious users.

Yer, I know. I was not planning any acl security based on it. It was just
for logging and for working round another problem.

>
> --
> Henrik Nordstrom
> Squid Hacker

Thanks for the reply.

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)
Received on Sun Jun 17 2001 - 05:23:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:46 MST