Re: [squid-users] Downstream proxy, X-Forwarded-For and ips logged in squid

From: Daniel Barron <squidguard@dont-contact.us>
Date: Sun, 17 Jun 2001 14:11:27 GMT

In message <20010617053320.A23347@squid-cache.org> you wrote:

> On Sun, Jun 17, 2001, Daniel Barron wrote:
[snip]
> > Is there another way in which squid could pick up and log the source ip if
> > it's going through a downstream proxy? RFC standard or not - as long as its
> > built-in by default?
>
> Well, you could always ask someone to code it for you.
> We're more than flexible .. it doesn't _have_ to go into the
> base distribution, but it has to be avaliable. :-)

It's a kind offer, but I have to refuse. I'll explain...

I'm writing DansGuardian (see sig) which uses squid to do all the fetching.
It acts as a pass-through filter. As expected, squid logs the source ip
as the loopback (if dg is running on the same machine), rather than the
client browser ip. This is not a big problem as the DG logs log the ip
instead, but a few of my users would like squid to log the client ip and
there is also a problem with squid and OWA (outlook web access) and as far
as I can tell, it's to do with the source ip changing. So that's why I
wanted the solution. I've added X-F-F to the header in DG to try to solve
it.

The current stable version of DG relies on two seperate libraries so to
install it you have to install and compile three things. This is bad enough
without having to patch squid. DG version 2 (being written) does not need
the libraries and so will be installable by RPM, but not if it requires a
patch to squid.

So you can see my reason for wanting to be able to do it in a standard
squid distribution.

Thanks for the help. I'll report back to the DG mailing list the findings.

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)
Received on Sun Jun 17 2001 - 07:11:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:46 MST