[squid-users] How to set the IP of the real originator in HTTP requests (instead of Squid's IP)?

From: Leonardo <leonardodiserpierodavinci_at_gmail.com>
Date: Tue, 29 Nov 2011 17:35:20 +0100

Dear all,

We have a Cisco ASA firewall between our internal network and the
Internet. Our Squid transparent proxy (v3.1.7) is just behind the
firewall.

Our problem concerns IP address translation from private to public.
Specifically, we would like that clients go out on the Web with a
public IP address which depends on the subnet the client is in.
However, we can't differentiate the addresses as the Cisco ASA sees
only the IP private address of the Squid as originator of all HTTP
requests.
I haven't set the directive forwarded_for in my Squid config, which
should mean that, by default, the real originator is passed in a
X-Forwarded-For header.

I'd like to know if there is something else that can be done on the
Squid side, or if now I need to work solely on the config of the Cisco
ASA (as I believe).

Thanks for your time and your answers,

L.
Received on Tue Nov 29 2011 - 16:35:27 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 30 2011 - 12:00:03 MST