Re: [squid-users] squid accel peer auth basic, may be X-Forwarded-For prob from Amos Jeffries on 2007-10-18 (squid-users)

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 19 Oct 2007 13:59:21 +1300 (NZDT)

> Hi,
>
> I've a squid Version 2.6.STABLE16
>
> with the following config accel mode
>
> cache_peer php-01 parent 80 0 no-query originserver round-robin weight=1
> login=PASS max-conn=100
> #cache_peer php-02 parent 80 0 no-query originserver round-robin
> weight=0 login=PASS
> cache_peer php-03 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-04 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-05 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-06 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-07 parent 80 0 no-query originserver round-robin weight=3
> login=PASS max-conn=100
> cache_peer php-08 parent 80 0 no-query originserver round-robin weight=1
> login=PASS max-conn=100
>
>
> 1192712203.711 3 12.34.56.78 TCP_REFRESH_HIT/200 2378 GET
> http://proxy-03.love.mydomain.com/_admin/style.css - ROUNDROBIN_PAR
> ENT/php-07 text/css
> 1192712204.363 4 12.34.56.78 TCP_REFRESH_MISS/401 851 GET
> http://proxy-03.love.mydomain.com/_admin/style.css - ROUNDROBIN_PAR
> ENT/php-07 text/html
>
> This page is auth basic protected + ip based protected
> http://proxy-03.love.mydomain.com/_admin/style.css
>
> normally is should pass on the ip based auth basic auth scheme
>
> But it fails.
> it seems to be an X-Forwarded-For problem,

Depends on how your authentication helper is coded to check for IP and
whether you have X-Forwarded-For visible or silent in any given squid.

> here is the apache peer access log
>
> proxy-03.mydomain.com - - [18/Oct/2007:15:48:37 +0200] "GET
> /_admin/style.css HTTP/1.0" 401 480 "-" "Mozilla/5.0 (Windows; U; W
> indows NT 5.1; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
>
>
> and proxy squid access log:
> Thu Oct 18 15:48:37 2007 4 12.34.56.78 TCP_REFRESH_MISS/401 855 GET
> http://proxy-03.love.mydomain.com/_admin/style.css -
> ROUNDROBIN_PARENT/php-04 text/html
>
> we should have IP 12.34.56.78 instead of the proxy hostname

IP in stead of *which* peer hostname above?
  "proxy-03.mydomain.com"? - apache configured with 'resolve hostnames on'
  "proxy-03.love.mydomain.com"?
  "php-04"? - squid configured with resolve hostnames on'

Amos
Received on Thu Oct 18 2007 - 18:59:24 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT