Re: [squid-users] Squid log : source from x_forwarded_for field

From: Hugo Deprez <hugo.deprez_at_gmail.com>
Date: Tue, 16 Aug 2011 17:38:31 +0200

Hello Amos,

Thank you for your answer.

I did add the follow_x_forwarded_for allow localhost line and it did what I
wanted.
With regards to the security warnings, I am OK with it as all users
have the same acl.

Regards,

Hugo

On 12 August 2011 15:23, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 13/08/11 00:47, Hugo Deprez wrote:
>>
>> Dear community,
>>
>> I am trying to configure dansguardian with squid3.
>> I am running debian squeeze.
>>
>> Everything is working but I am trying to have the real IP source in
>> the squid's access.log file.
>>
>> I configured forwardedfor = on in dansguardian.conf,
>>
>> When I check the access.log file, I only see 127.0.0.1 as source of the
>> request.
>>
>> I did a network packet capture. And I found the field X-forwarded-for was
>> like :
>>
>> http.x_forwarded_for == "192.168.200.1, 127.0.0.1"
>>
>> In squid.conf I used the following log configuration :
>>
>> logformat combined %>a %>a %>A %>p %la %lp %ui %un
>> [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %>Hs %<st
>> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
>> access_log /var/log/squid3/access.log combined
>>
>> But %>a is still returning 127.0.0.1.
>>
>> So is there a way to change the behaviour in order to show the real IP
>> address ?
>
> log_uses_indirect_client on
>
>>
>> Or is there a way to hide source 127.0.0.1 ?
>
> You define in squid.conf that 127.0.0.1 has a proxy you *trust* not to lie
> to you in its XFF header.
>
> Please read the security warnings about follow_x_forwarded_for
>  http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
>
>
>  follow_x_forwarded_for allow localhost
>
> NP: assuming that you still have the default localhost definition
> configured.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.14
>  Beta testers wanted for 3.2.0.10
>
Received on Tue Aug 16 2011 - 15:38:38 MDT
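
Added example, not part of the original thread and not Squid's own code: a small Python model of the right-to-left backtracking that the follow_x_forwarded_for documentation describes, run on the header value captured above and on a constructed header in which the client supplied its own X-Forwarded-For entry. The function name, the 10.9.9.9 address and the "allow all" ACL are assumptions made for illustration; localhost is taken to be 127.0.0.1/32.

```python
import ipaddress

def indirect_client(peer, xff_header, trusted_nets):
    """Return the address that would be logged as the indirect client.

    Starting from the directly connected peer, keep stepping back through
    X-Forwarded-For (last entry first) while the current address is allowed
    by the trust list; stop at the first untrusted address or when the
    header is exhausted.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    while hops and is_trusted(current):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address that parsed
    return str(current)

# Trust lists (assumed): the thread's setting and an over-broad one.
ALLOW_LOCALHOST = ["127.0.0.1/32"]   # follow_x_forwarded_for allow localhost
ALLOW_ALL = ["0.0.0.0/0"]            # follow_x_forwarded_for allow all

# Header value from the packet capture in the thread.
CAPTURED = "192.168.200.1, 127.0.0.1"
# Constructed: client 192.168.200.1 sent its own XFF entry (10.9.9.9),
# and the filter on localhost appended the real client address.
FORGED = "10.9.9.9, 192.168.200.1"

if __name__ == "__main__":
    for name, acl in (("allow localhost", ALLOW_LOCALHOST),
                      ("allow all", ALLOW_ALL)):
        for header in (CAPTURED, FORGED):
            print(f"{name:16} {header!r:28} ->",
                  indirect_client("127.0.0.1", header, acl))
```

With only localhost trusted, the client-supplied entry is never reached, so the logged address stays the one the local filter observed; trusting every source lets the leftmost, client-controlled value reach access.log and any ACL that uses the indirect client address.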
