Re: [squid-users] getting squid to choose between 2 proxy servers

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Mon, 21 Nov 2005 11:39:24 +0100

> > The problem is that when you want to download a file (for
> > example using wget)

On 18.11 08:43, Chris Robertson wrote:
> Does wget honor proxy.pac files?

it does not. proxy.pac is javascript and wget doesn't parse that.

> > it will always be downloaded through the non-free proxy server
> > regardless of whether the file I'm trying to retrieve is in the list of
> > free websites or not.

> Perhaps a silly question, but have you tried changing the order of the
> proxies in the PAC file?

I'm afraid that still wouldn't help. wget would go through unpaid proxy
even for paid sites...

> > Another thing is to make sure that the client's (which requests the
> > website) IP address gets sent to the parent squid servers as well so
> > that an authentication process can take place. (The parent squid
> > servers (proxy1, proxy2) check to see if your IP address has been
> > "opened up" for access (Is this where the x-forwarded-for option comes
> > in?))
>
> Here is where things get tricky... The XFF option allows the proxy to
> parse XFF headers and use the original client IP. So in your case, the
> easiest option would be to use XFF on the parent caches.

and have forwarded_for turned on on his proxy (the default)

> > Unfortunately I can't change anything on the parent proxy servers
> > (proxy1 & proxy2).
>
> This makes things considerably more tricky. You are going to have to
> either use a Linux patch (the name of which escapes me at the moment; it
> has been mentioned in the archives fairly recently though) to allow the
> Squid box to masquerade as the clients it serves, or use a one-to-one NAT
> (also mentioned in the archives).

but check before if they don't already follow X-Forwarded-For. and don't
trust you. 

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
Received on Mon Nov 21 2005 - 03:39:28 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:10 MST