RE: [squid-users] squid, cache_peer and client's IP address

Yeah, you are absolutely right. IMP can and I have even implemented
X-Forwarded-For in my own IMP. And X-Forwarded-For reports all the IPs for
all the proxies and even the original client IP.

But, my problem is, unfortunately Hotmail, Yahoo etc. free webmails do not
implement X-Forwarded-For in their webmail software to include it in the
header. So any user of mine using Hotmail can send a mail to someone using
remote sendmail server (which he obviously has access to or an open relay)
and be anonymized 'casue Hotmail only reports X-Originating-IP and in my
case the X-Originating-IP is my last proxy server.

Actually, what I am looking for is some sort of way to tell squid to report
its parent squid server the original client IP instead of its own IP?

Like in my first proxy server I get logs like:

1030095238.168 44 210.193.13.44 TCP_MISS/304 144 GET
http://images.neopets.com/items/toy_poogle_red.gif -
FIRST_UP_PARENT/210.193.2.70 -
1030095238.177 41 210.193.14.200 TCP_MISS/304 116 GET
http://www.fundsupermart.com/main/index.html -
FIRST_UP_PARENT/210.193.2.70 -
1030095238.193 57 210.193.13.44 TCP_MISS/200 6225 GET
http://www.magewar.com/image/archmage001.gif - FIRST_UP_PARENT/210.193.2.70
image/gif

and in the parent server (210.193.2.70) I get:

1030095235.93 1020 210.193.2.75 TCP_MISS_PRIVATE_ON_STOP_LIST/200 3747 GET
http://uk.artistguide.real.com/?artist=The%20Beatles&album=1967-1970%20(Disc
%202)&DC=UNK&CO=sg&LP=en-gb&PV=6.0.10.505&pv=6.0.10.505&nextartist=&page=&pa
geloc= - DIRECT/207.188.7.55 "text/html; charset=utf-8"
1030095235.97 280 210.193.2.75 TCP_MISS_PRIVATE_ON_STOP_LIST/200 331 GET
http://www.flashkit.com/RealMedia/ads/adstream_lx.cgi/intm/webdev/www.flashk
it.com/index/1112626536/cp3/Trellian_9d/PromoteYourWebsite.html/643263313032
34363364363566363030?_RM_EMPTY_ - DIRECT/63.146.109.204 "image/gif"
1030095235.99 390 210.193.2.75 TCP_MISS_PRIVATE_ON_STOP_LIST/200 3844 GET
http://216.130.218.245:8080/phpads5/adview.php?bannerID=87 -
DIRECT/216.130.218.245 "image/gif"

You can see that the IPs in the parent server is the previous squid
server's. Is it possible to report here the original client IP?

Regards,

Zia

-----Original Message-----
From: Graeme Wood [mailto:Graeme.Wood@ed.ac.uk]
Sent: Friday, August 23, 2002 5:14 PM
To: Henrik Nordstrom
Cc: mzr@swiftech.net.sg; Squid Users
Subject: Re: [squid-users] squid, cache_peer and client's IP address

It is an email header and nothing to do with HTTP. Programs such as IMP
can stick these extra headers in mail they construct to aid in tracking
the source of mail sent. I guess what is happening here is that the
connection is coming via a proxy and the proxy's address is being used
rather than the address that it was forwarded for. This is a problem for
the implementation of the webmail client rather than squid, though if the
request has been anonymized so that the X-Forwarded-for address is not
available, then there is nothing that the webmail client can use apart
from the connection adddress.

Cheers.

On Thu, 22 Aug 2002, Henrik Nordstrom wrote:

> Squid knows nothing about a X-Originating-IP header. Never heard about
> it before.
>
> Regards
> Henrik
>
>
> Ziaur Rahman wrote:
>
> > I get the client's IP address from the X-Forwarded-For just fine. Now,
the
> > X-Originating-IP header, that is widely used by many free webmails, (i.e
> > hotmail, yahoo and others) reports the last (parent) proxy server's IP.
I
> > believe the first server (squid) is reporting X-Originating-IP to the
parent
> > as its own IP instead of client's IP. Is there any way I can make the
> > X-Originating-IP report as the client's IP or may be assign
> > X-Forwarded-For's values in X-Originating-IP? I hope I am not
fantasizing..
> > :)
> >
> > Regards,
> >
> > Zia
> >
>
>

============================================================================
=
Graeme Wood Email: Graeme.Wood@ed.ac.uk
Unix Systems Support Phone: +44 131 650 5003
The University of Edinburgh Fax: +44 131 650 6552
============================================================================
=
Received on Fri Aug 23 2002 - 04:15:13 MDT