Re: [squid-users] Downstream proxy, X-Forwarded-For and ips logged in squid

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sun, 17 Jun 2001 23:42:02 +1000

----- Original Message -----
From: "Daniel Barron" <squidguard@jadeb.com>
To: <squid-users@squid-cache.org>
Sent: Sunday, June 17, 2001 10:23 PM
Subject: Re: [squid-users] Downstream proxy, X-Forwarded-For and ips logged in squid

> In message <3B2C772E.148405B4@hem.passagen.se> you wrote:
>
> > Daniel Barron wrote:
> > >
> > > I have a downstream proxy that adds X-Forwarded-For: to the header, but
> > > squid still logs the source ip as that of the downstream proxy. Is there a
> > > setting I need to change to (a) make it log the x-f-f ip, or (b) think of
> > > the x-f-f ip as the source ip?
> >
> > Not implemented. You have to code it if you want it.
>
> How disappointing. AFAIK squid supports adding the X-F-F line to the header.
> So it's odd and a shame it does not support it incoming.

It's not surprising that squid doesn't _trust_ the header: anyone can
put any IP there. I _think_ that you can apply acl's to header contents,
and if you cannot, that's an ACL capability I'd be willing to look at
coding up.

Because it's not a trustable field, no standard squid is going to use
that field as the source ip for logging or standard ACL use. You can use
the log_mime_headers to log the details.

> Yes I could code it but I want to use a standard squid rather than a modified
> version for my own reasons,
>
> Is there another way in which squid could pick up and log the source ip if
> it's going through a downstream proxy? RFC standard or not - as long as it's
> built-in by default?

log_mime_headers. You'll get a _large_ log file, but that field will be
there. I'd suggest you look at moving your content filtering capability
into squid. There are at least 3 different in-squid implementations I
know of, 1 commercial, 2 open source.

> >
> > Note: X-Forwarded-For may contain a chain of IP's, and can easily be
> > forged by malicious users.
>
> Yer, I know. I was not planning any acl security based on it. It was just
> for logging and for working round another problem.

Perhaps we could help with that "other problem"?

Rob

> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
>
> Thanks for the reply.
>
> --
> Daniel Barron
> (Visit http://dansguardian.org/ - True web content filtering for all)
>
>
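As an added illustration (not Squid code and not written by anyone in this thread) of why the header cannot simply be taken as the source ip: a chain of addresses is only believable hop by hop, starting from the TCP peer, and only while each reporting hop is a downstream proxy you operate. The trust list and the addresses are constructed for the example.

```python
"""Resolve a client address from X-Forwarded-For without trusting it blindly.

Any client can put any value in the header, and it may carry a chain of IPs.
So walk the chain right-to-left starting from the TCP peer and stop at the
first address that is not one of our own (trusted) downstream proxies.
"""
import ipaddress

# Constructed trust list (assumption): downstream proxies we operate.
TRUSTED_PROXIES = {
    ipaddress.ip_address("10.0.0.2"),
    ipaddress.ip_address("10.0.0.3"),
}


def parse_xff(header_value):
    """Split an X-Forwarded-For value into an ordered list of IP addresses.

    Returns None when any element is not a valid IP literal, so junk such as
    'evil' or '1.2.3' is rejected whole rather than half-parsed into a chain.
    """
    if not header_value:
        return []
    addrs = []
    for item in header_value.split(","):
        item = item.strip()
        if not item:
            continue
        try:
            addrs.append(ipaddress.ip_address(item))
        except ValueError:
            return None
    return addrs


def resolve_client_ip(peer_addr, header_value, trusted=TRUSTED_PROXIES):
    """Return (client_ip, used_header).

    peer_addr is the address Squid actually accepted the connection from.
    A hop is believed only if the hop that reported it is trusted, so a header
    injected by an untrusted client, or a forged prefix in front of what a
    trusted proxy appended, is ignored.
    """
    current = ipaddress.ip_address(peer_addr)
    chain = parse_xff(header_value)
    used_header = False
    if not chain:  # absent or malformed header: log the peer itself
        return current, used_header
    for hop in reversed(chain):
        if current not in trusted:
            break  # the reporter of this hop is not ours; stop believing
        current, used_header = hop, True
    return current, used_header
```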
Received on Sun Jun 17 2001 - 07:41:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:46 MST