Re: [squid-users] whitelisted IP problem

From: Vijay S <vijay_at_reactmedia.com>
Date: Tue, 20 Mar 2012 05:10:52 +0530

Hi Eliezer

I did access your url and it gave me the output as

Your IP address is : 122.166.1.184

I also tried doing
request_header_access X-Forwarded-For deny Safe_ports

Still no luck, log is as follows
1332199742.075 2 192.168.1.117 TCP_DENIED/403 3481 CONNECT feeds.example.com:80 - NONE/- text/html
1332199746.551 1 192.168.1.117 TCP_DENIED/403 3481 CONNECT feeds.example.com:80 - NONE/- text/html

This is what I did

$filePath = 'http://feeds.example.com/newsfeeds.xml';
$s = curl_init($filePath);
curl_setopt($s,CURLOPT_RETURNTRANSFER,1);
curl_setopt($s, CURLOPT_HEADER, false);

curl_setopt($s, CURLOPT_HTTPPROXYTUNNEL, TRUE);
curl_setopt($s, CURLOPT_PROXY, "http://192.168.1.117:3128");
curl_setopt($s, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($s, CURLOPT_URL, $filePath);

// Make the request
$xml = '';
$xml = curl_exec($s);
$xml = trim($xml);
curl_close($s);

On Tue, Mar 20, 2012 at 5:00 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> On 20/03/2012 00:36, Vijay S wrote:
>>
>> Sorry, I cannot share the URL and hence I'm replacing the feed as
>> http://feeds.example.com/newsfeeds.xml
>>
>> On Tue, Mar 20, 2012 at 1:37 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
>>>
>>> On 19/03/2012 18:58, Vijay S wrote:
>>>>
>>>>
>>>> Hi
>>>>
>>>> I have my server box hosting Apache and Squid on a CentOS machine.
>>>> When I send my request for clients feeds it works as they have
>>>> whitelisted my IP address, and when I make the call via squid it gives
>>>> me invalid IP. I checked the access log for more information and found
>>>> out instead of sending my IP address it's sending the localhost IP
>>>> address (127.0.0.1).
>>>
>>>
>>> I'm still trying to understand your network infrastructure.
>>> You have one Apache server that also hosts squid?
>>
>> Yes
>>
>>> can you give the logs output?
>>
>> 1332194292.909 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT feeds.example.com:80 - NONE/- text/html
>> 1332194335.536 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT feeds.example.com:80 - NONE/- text/html
>> 1332194399.852 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT feeds.example.com:80 - NONE/- text/html
>>
>>
>>> what is the /etc/hosts content?
>>
>> 122.166.1.184 localhost
>> 122.166.1.184 reactmedia.com
>> 122.166.1.184 rm117
>>
>>
>>> By clients you mean your clients of squid?
>>
>> There is no squid, I'm accessing a feeds URL
>> http://feeds.example.com/newsfeeds.xml
>>
>>> what do you mean by whitelisted your ip address?
>>
>> Request from my IP only can access this feeds, which they have
>> configured. It opens when I access from browser but when I called from
>> squid using PHP curl, it does not work
>>
>>> Is the Apache server listening on port 80?
>>
>> Yes
>
>
> This part made me understand the problem.
> If you do want to understand the problem try to go to this address:
> http://www1.ngtech.co.il/myip.php
> I think the problem is that the proxy is forwarding an "x_forward" header on
> the HTTP request, which is causing the problem.
> If your proxy is using the "x_forward" header you will see it in the page.
>
> in order to disable this header you can add to your squid.conf this
> directive:
> request_header_access X-Forwarded-For deny Safe_ports
>
> if it is indeed what caused the problem you should be ok.
>
> Regards,
> Eliezer
>
>
>>
>>> can you access it directly by ip + port 80? (no proxy)
>>
>> yes
>>
>>> When with proxy it's not working?
>>
>> True
>>
>>> if its so then try to change the hosts file with the hostname in it to
>>> external_ip www.hostname.domain
>>
>> It's not the domain-to-IP mapping issue; when my request is sent it's
>> sent as 192.168.1.10 instead of 122.166.1.184, and hence the client URL
>> is blocking me, considering the IP is not listed in their
>> whitelisted IPs opened for me to access.
>>
>>
>>>
>>> Regards,
>>> Eliezer
>>>
>>>
>>>> I googled a little and found that using tcp_outgoing_address directive
>>>> I can control the outgoing IP address and to my bad luck this didn’t
>>>> work
>>>>
>>>> My configuration file is as follows
>>>>
>>>> acl all src all
>>>> acl manager proto cache_object
>>>> acl localhost src 127.0.0.1/255.255.255.255
>>>> acl to_localhost dst 127.0.0.0/32
>>>> acl SSL_ports port 443
>>>> acl Safe_ports port 80          # http
>>>> acl Safe_ports port 21          # ftp
>>>> acl Safe_ports port 443         # https
>>>> acl Safe_ports port 70          # gopher
>>>> acl Safe_ports port 210         # wais
>>>> acl Safe_ports port 1025-65535  # unregistered ports
>>>> acl Safe_ports port 280         # http-mgmt
>>>> acl Safe_ports port 488         # gss-http
>>>> acl Safe_ports port 591         # filemaker
>>>> acl Safe_ports port 777         # multiling http
>>>> acl CONNECT method CONNECT
>>>>
>>>> http_access allow manager localhost
>>>> http_access deny manager
>>>> http_access deny !Safe_ports
>>>> http_access deny CONNECT !SSL_ports
>>>>
>>>> http_access allow localhost
>>>> http_access deny all
>>>>
>>>> icp_access allow all
>>>>
>>>> http_port 3128
>>>>
>>>> visible_hostname loclahost
>>>> debug_options ALL,1 33,2 28,9
>>>> tcp_outgoing_address 122.166.1.184
>>>>
>>>> Can somebody help me with configuration for my servers. It will be
>>>> of great help.
>>>>
>>>> Thanks & Regards
>>>> Vijay
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Eliezer Croitoru
>>> https://www1.ngtech.co.il
>>> IT consulting for Nonprofit organizations
>>> elilezer<at>    ngtech.co.il
>>>
>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> elilezer <at> ngtech.co.il
Received on Mon Mar 19 2012 - 23:41:02 MDT
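
Added example, not part of the original thread and not Squid's own code: a small Python model of Squid's first-match http_access evaluation, built from the rules in the quoted squid.conf and applied to the logged CONNECT feeds.example.com:80 entry, to show which rule produces TCP_DENIED/403. The PHP snippet sets CURLOPT_HTTPPROXYTUNNEL, which makes curl tunnel through the proxy with CONNECT, matching the method seen in the log. The request-dict fields and function names are assumptions made for this sketch.

```python
import ipaddress

# Values copied from the squid.conf quoted in the thread.
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: ipaddress.ip_address(r["src"])
    in ipaddress.ip_network("127.0.0.1/32"),
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}
# http_access lines, in the order they appear in that config.
RULES = [
    "allow manager localhost",
    "deny manager",
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "allow localhost",
    "deny all",
]

def decide(req):
    """First rule whose ACLs all match wins; returns (action, rule)."""
    for rule in RULES:
        action, *names = rule.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, "http_access " + rule
    raise RuntimeError("unreachable: 'deny all' matches every request")

def from_connect_log(line):
    """Build a request dict from an access.log CONNECT entry (host:port URL)."""
    f = line.split()
    return {"src": f[2], "method": f[5], "proto": "http",
            "port": int(f[6].rpartition(":")[2])}

# Log entry from the thread, re-joined onto one line.
LOG = ("1332199742.075 2 192.168.1.117 TCP_DENIED/403 3481 CONNECT "
       "feeds.example.com:80 - NONE/- text/html")

if __name__ == "__main__":
    print(decide(from_connect_log(LOG)))
    # Same client sending a plain GET instead of tunnelling (constructed request):
    print(decide({"src": "192.168.1.117", "method": "GET", "proto": "http", "port": 80}))
    # A request arriving from 127.0.0.1 (constructed request):
    print(decide({"src": "127.0.0.1", "method": "GET", "proto": "http", "port": 80}))
```

In this model the logged request is rejected by the CONNECT/SSL_ports rule before any header handling, and a plain GET from 192.168.1.117 would still fall through to `deny all` because only 127.0.0.1 is allowed.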

This archive was generated by hypermail 2.2.0 : Tue Mar 20 2012 - 12:00:04 MDT