Re[2]: [squid-users] Detect source IP Address via Squid from Farhad Ibragimov on 2009-07-29 (squid-users)

From: Farhad Ibragimov <inara.ibragimova_at_gmail.com>
Date: Wed, 29 Jul 2009 12:51:21 +0500

Dear Amos

Please look at this

Client ---> Router with WCCP ---> Proxy squid(3.0.15)---> Apache

Apache see request from Proxy squid server . My questions is , is it
possible to see requested ip address from Client in Apache logs file ? If yes , how can i
do this ?

My configuration
Linux "MY DOMAIN" 2.6.18-128.1.16.el5 #1 SMP Tue Jun 30 06:07:26 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

# WELCOME TO SQUID 3.0.STABLE15
# ----------------------------
http_port 3128 transparent
cache_mem 1024 MB
#minimum_object_size 32 KB
icp_port 0
wccp2_router "HIDDEN"
visible_hostname "HIDDEN"
url_rewrite_children 20
cache_dir ufs /cache 6000 16 256
cache_swap_low 90
cache_swap_high 95
allow_underscore on
request_header_max_size 20 KB
client_persistent_connections on
server_persistent_connections on
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
maximum_object_size 50 MB
######LOG################
access_log /var/squid/logs/access.log squid
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log
###############################
cache_mgr "HIDDEN"
httpd_suppress_version_string on
# SNMP OPTIONS
# -----------------------------------------------------------------------------
#snmp_port 1161
#snmp_access allow snmppublic localhost
#snmp_access deny all
cache_effective_user squid
cache_effective_group squid
###############################################################
acl dayaz dstdomain "HIDDEN"
always_direct allow "HIDDEN"
###############################################################
refresh_pattern -i \.gif$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 43200 override-lastmod override-expire

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
##########################################
negative_ttl 0 seconds
#########################################
# ACCESS CONTROLS
##############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mynet src "HIDDEN"

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet
http_access allow mynet
http_access deny all

icp_access deny all
htcp_access deny all

hierarchy_stoplist cgi-bin ?

# TAG: debug_options
# Logging options are set as section,level where each source file
# is assigned a unique section. Lower levels result in less
# output, Full debugging (level 9) can result in a very large
# log file, so be careful. The magic word "ALL" sets debugging
# levels for all sections. We recommend normally running with
# "ALL,1".
#
#Default:
# debug_options ALL,1

icp_port 0
htcp_port 0
log_icp_queries off

allow_underscore on

# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
#wccp_version 4
# wccp2_rebuild_wait on
# wccp2_forwarding_method 1
# wccp2_return_method 1
# wccp2_assignment_method 1
# wccp2_service standard 0
# wccp2_weight 10000
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0

# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# error_directory /squid/share/errors/templates
email_err_data on

client_db on
coredump_dir /var/squid/cache

BR
Received on Wed Jul 29 2009 - 07:51:33 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 29 2009 - 12:00:05 MDT