Re: [squid-users] let squid to request the page using client IP?

From: Brendan Kearney <bpk678_at_gmail.com>
Date: Thu, 07 Aug 2014 18:21:53 -0400

On Thu, 2014-08-07 at 22:02 +0000, Mark jensen wrote:
> I have asked this question on Apache mailing list but they tell me to ask it here:
>
> we know that we can allow some IPS with out authentication using Allow from IP:
>
> <Directory /var/www/html/template>
> Order allow,deny
> Allow from 192.168.1.5
> Satisfy any
> AuthName "LDAP Authentication"
> AuthType Basic
>
> AuthBasicProvider ldap
> AuthzLDAPauthoritative off
> AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
> </Directory>
>
> But what if we use proxy (squid) in front, then the source IP will be the proxy IP, How can I make Apache to deal with the client IP not the proxy IP?
>
> or How to let squid to request the page using client IP?
>

you will want to look into the X-Forwarded-For header. Make sure you
are inserting it with squid, and that apache is parsing the header for
the value and basing the access on it. the client ip will be in the
first position (0 based, i think), when using comma (,) as a delimiter.
Received on Thu Aug 07 2014 - 22:20:22 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 08 2014 - 12:00:04 MDT