Re: [squid-users] Is it possible to set tproxy at httpd-accel mode?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 12 Sep 2009 16:50:52 +1200

MontyRee wrote:
> Hello, all.
>
> I saw much useful function named tproxy.
> So pleaase check below is possible or not.
>
>
> Client(192.168.3.2) ==> http-accelerator mode squid(10.10.1.2) ==> apache web server(10.10.1.1)
>
> When I see the log file at apache, only cache(10.10.1.2) ip will be seen without regard to clients.
> but when I set tproxy at squid server,I can see the real client IPs, right?
>
> then how can I set iptables rule at squid server(10.10.1.2)?
> It seems that most examples are for forward proxy not httpd-accel mode.
>
> http://wiki.squid-cache.org/ConfigExamples/
>
> I know that "HTTP_X_FORWARDED_FOR'" would be possible,
> but I don't want it. Please share how to set tproxy for accel mode.
>
>
> Thanks in advance.
>

No its not.

accel mode == reverse proxy == squid pretending to be a web server.

tproxy == squid pretending not to be there.

When Squid pretends not to be there it cannot perform the actions needed
to make it look like a web server.

X-Forwarded-For is the way to do this. Whether you want to do it that
way or not. Its the way you get the real client IP through the various
middleware proxies already passing traffic from box to box around the
Internet in a www version of NAT.

Amos

-- 
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13
Received on Sat Sep 12 2009 - 04:50:58 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:02 MDT