Re: [squid-users] Squid log : source from x_forwarded_for field

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 13 Aug 2011 01:23:09 +1200

On 13/08/11 00:47, Hugo Deprez wrote:
> Dear community,
>
> I am trying to configure dansguardian with squid3.
> I am running debian squeeze.
>
> Everything is working but I am trying to have the real IP source in
> the squid's access.log file.
>
> I configured forwardedfor = on in dansguardian.conf,
>
> When I check the access.log file, I only see 127.0.0.1 as source of the request.
>
> I did a network packet capture. And I found the field X-forwarded-for was like :
>
> http.x_forwarded_for == "192.168.200.1, 127.0.0.1"
>
> In squid.conf I used the following log configuration :
>
> logformat combined %>a %>a %>A %>p %la %lp %ui %un
> [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %>Hs %<st
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
> access_log /var/log/squid3/access.log combin
>
> But %>a is still returning 127.0.0.1.
>
> So is there a way to change the behaviour in order to show the real IP address ?

log_uses_indirect_client on

>
> Or is there a way to hide source 127.0.0.1 ?

You define in squid.conf that 127.0.0.1 has a proxy you *trust* not to
lie to you in its XFF header.

Please read the security warnings about follow_x_forwarded_for
  http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/

   follow_x_forwarded_for allow localhost

NP: assuming that you still have the default localhost definition
configured.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Fri Aug 12 2011 - 13:23:15 MDT
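
Added example, not part of the original message and not Squid's code: a Python model of the right-to-left X-Forwarded-For walk that the follow_x_forwarded_for documentation describes, showing why the allow ACL should cover only proxies you control. The function name indirect_client, the address 10.9.9.9, and the choice to stop at an unparseable entry are assumptions of this sketch.

```python
import ipaddress


def _parse(addr):
    """Return an ip_address object, or None if addr is not a valid IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def indirect_client(peer_ip, xff_header, trusted_nets):
    """Model of the XFF backtracking described for follow_x_forwarded_for.

    Start at the TCP peer. While the current address is allowed by the
    trust list, step one entry to the left in X-Forwarded-For. Stop at the
    first address that is not trusted, or at the leftmost entry.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]

    def is_trusted(addr):
        ip = _parse(addr)
        return ip is not None and any(ip in net for net in nets)

    entries = [e.strip() for e in (xff_header or "").split(",") if e.strip()]
    current = peer_ip
    while entries and is_trusted(current):
        candidate = entries.pop()      # rightmost remaining entry
        if _parse(candidate) is None:  # sketch's choice: ignore garbage, stop
            break
        current = candidate
    return current


if __name__ == "__main__":
    localhost_only = ["127.0.0.1/32"]  # like: follow_x_forwarded_for allow localhost
    everyone = ["0.0.0.0/0"]           # over-broad trust, for comparison

    # Header value from the thread, arriving from the local filter.
    print(indirect_client("127.0.0.1", "192.168.200.1, 127.0.0.1", localhost_only))

    # Constructed case: the client put 10.9.9.9 in its own XFF header and the
    # local filter appended the client's real address after it.
    forged = "10.9.9.9, 192.168.200.1"
    print(indirect_client("127.0.0.1", forged, localhost_only))  # real client
    print(indirect_client("127.0.0.1", forged, everyone))        # forged value wins
```

With only localhost trusted, the walk stops at the address the local filter itself recorded; with an over-broad ACL the logged address becomes whatever the client wrote in the header.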
