Re: [squid-users] real client ip address instead of squid Ip address

From: Khemara Lyn <lin.kh_at_wicam.com.kh>
Date: Thu, 29 Sep 2011 15:41:02 +0700

Dear All,

I have this problem with fileserv.com:

If a client goes directly to the site, it is OK; it can download any
file. However, if it goes through the Squid proxy, it breaks.

Can I tell Squid to act as if it were a normal/simple client, request a
page, and return it to the real client uncached for a certain domain
like fileserv.com?

I'm just wondering what is inside of Squid that makes it break. Can
Squid just act as a simple client in pass through mode even though it
uses its own IP?

Kind regards,
Khem

On 09/20/2011 11:31 AM, Luis Daniel Lucio Quiroz wrote:
> 2011/9/19 Khemara Lyn <lin.kh_at_wicam.com.kh>:
>
>> Dear Sir Amos,
>>
>> Thank you for your response and being helpful always.
>>
>> My squid.conf does have that "forwarded_for on" but I think, those public
>> upload/download file-sharing sites (fileserve, rapid share, etc.) are smart
>> enough to detect the header.
>>
>> Or is there a way to find out all the IP ranges used by those sites?
>> I would like to be able to block those IP ranges in WCCP access list so that
>> accesses to those sites will bypass my Squid box.
>>
>> Regards,
>> Khem
>>
>> On 09/20/2011 08:53 AM, Amos Jeffries wrote:
>>
>>> On Mon, 19 Sep 2011 14:59:54 +0700, Khemara Lyn wrote:
>>>
>>>> On 09/18/2011 04:38 PM, Saleh Madi wrote:
>>>>
>>>>> Dears,
>>>>>
>>>>> How could I configure Squid to appear as the client's real IP address
>>>>> instead of the Squid IP address?
>>>>> The problem is that all clients get the same IP address, which causes
>>>>> problems on file-sharing websites like mega upload, rapidshare and other
>>>>> websites.
>>>>> We use Squid in transparent mode with WCCP; please advise how to
>>>>> resolve this problem.
>>>>>
>>>>> Many thanks,
>>>>> Saleh Madi
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>> I have the same query but doubt if it is possible at all, esp. with WCCP.
>>>>
>>>> What I could do so far is that, I configure the Squid box to have
>>>> multiple IPs and multiple gateways (5 of them) with IPRoute2, "ip
>>>> route". Each time, it could appear as a different IP but still get
>>>> blocked by those file-sharing Web sites as you mentioned.
>>>>
>>>> I would greatly appreciate any better idea.
>>>>
>>>> Thanks & regards,
>>>> Khem
>>>>
>>>
>>> WCCP passes packets unchanged to the Squid box.
>>>
>>> You need two things:
>>> 1) to pass the IP through, using "forwarded_for on". Which permits Squid
>>> to send the X-Forwarded-For header with Client IP.
>>> 2) the website to be smart enough to make use of the header. Some sites
>>> do not support or choose not to trust that HTTP header.
>>>
>>>
>>> Alternatively you could set up a transparent proxy with the TPROXY feature.
>>> Spoofing the client inbound IP on the outbound traffic. This does work with
>>> WCCP, but is a bit tricky.
>>> http://wiki.squid-cache.org/Features/Tproxy4
>>>
>>> Amos
>>>
>>>
>>>
>>
>>
> Maybe you may use a spool of public keys and also use squid
> url_rewrite capability of 2.7 to cache files so this will reduce that
> symptom. How many IPs, how to configure squid is not easy to say, it
> requires analysis but it is a workaround if the X-Forwarded doesn't
> work.
>
> Khem, it is nice to know of you. Please contact me offline.
>
> LD
> http://www.twitter.com/ldlq
>
>
Received on Thu Sep 29 2011 - 08:41:16 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 29 2011 - 12:00:02 MDT