[squid-users] X-Forwarded-For Header
Hi friends, I'm using squid/3.0.STABLE25 and I have a problem for access to a webpage that checks the X-Forwarded-For header. It looks like the web requires that X-Forwarded-For header contains only the IP of my client, but my squid proxy are sending this header: forwarded_for on -- X-Forwarded-For: 192.168.2.185, 127.0.0.1 forwarded_for delete -- X-Forwarded-For: 192.168.2.185, unknown forwarded_for truncate -- X-Forwarded-For: 192.168.2.185, unknown forwarded_for transparent -- X-Forwarded-For: 192.168.2.185, unknown forwarded_for off -- X-Forwarded-For: 192.168.2.185, unknown Can I configure squid for send only this header?: X-Forwarded-For: 192.168.2.185 Regards -- Fran M.
[squid-users] X-Forwarded-For Header and Rewriter
Hi, does anybody know if it is possible to access the X-Forwarded-Header inside of a rewriter script (squid used as reverse proxy). AFAIK, there is only the ip-address of the requesting server available which may be the ip of another cache-server. Background: We have another external cache server that queries our squids and we want to pass the client ip to an external script which makes decisions about the client ip: e.g. redirection to a special url if certain ips are there. I know that it is easy to trick the x-forwarded-header to fake ips, but nevertheless. if I use something like external_acl %SRC with an external script I can only say:OK or ERR, i.e. access or not. But I want to give the client different urls back depending on its ip. Or is there any other possibility to make such decisions (with the x-forwarded-for header information) outside the redirect script? thx in advance, max -- Echte DSL-Flatrate dauerhaft für 0,- Euro*! Feel free mit GMX DSL! http://www.gmx.net/de/go/dsl
Re: [squid-users] X-Forwarded-For Header and Rewriter
[EMAIL PROTECTED] wrote: Hi, does anybody know if it is possible to access the X-Forwarded-Header inside of a rewriter script (squid used as reverse proxy). AFAIK, there is only the ip-address of the requesting server available which may be the ip of another cache-server. Background: We have another external cache server that queries our squids and we want to pass the client ip to an external script which makes decisions about the client ip: e.g. redirection to a special url if certain ips are there. I know that it is easy to trick the x-forwarded-header to fake ips, but nevertheless. if I use something like external_acl %SRC with an external script I can only say:OK or ERR, i.e. access or not. But I want to give the client different urls back depending on its ip. Or is there any other possibility to make such decisions (with the x-forwarded-for header information) outside the redirect script? thx in advance, max http://devel.squid-cache.org/projects.html#follow_xff might be just what you are looking for. Be aware that development patches are not supported and may set your hair on fire. Also, be aware: This patch changes the configure.in file, which is an input to autoconf. You must run bootstrap.sh after applying this patch, and that will run autoconf for you. autoconf will generate a new configure script, which will have the new --enable-follow-x-forwarded-for option. Chris
Re: [squid-users] X-Forwarded-For Header and Rewriter
tis 2006-06-06 klockan 13:26 -0800 skrev Chris Robertson: http://devel.squid-cache.org/projects.html#follow_xff might be just what you are looking for. Be aware that development patches are not supported and may set your hair on fire. This patch has been included in the upcoming 2.6 release. You are welcome to try out the 2.6 pre-release if you like to investigate this. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] X-Forwarded-For header cleanup
Hi folks, My Squid always modifies the X-Forwarded-For header with the client-IP. I'm now in a situation I want to keep the X-Forwarded-For header as it is.. As far as i see it's only possible to disable the X-forwarded-for header, which will result the header as: X-Forwarded-For: Unknown. At this time, I have already a X-Forwarded-For header. My final header as Squid will send out is: X-Forwarded-For: my-client-ip-by-other-squid, other proxy server I want Squid to keep the header for what it is, thus: input: X-Forwarded-For: my-client-ip-by-other-squid ouput: X-Forwarded-For: my-client-ip-by-other-squid Is this possible? Thanks, Janno.
Re: [squid-users] X-Forwarded-For header cleanup
Yep, I think I'm in the same situation. I think it's better that when we set forwarded_for off in squid.conf, we should never see X-Forwarded-For: Unknown. when there is no X-Forwarded-For previously, and squid will not add unknown when we already have one. On Wed, 17 Nov 2004 10:12:38 +0100, Janno de Wit [EMAIL PROTECTED] wrote: Hi folks, My Squid always modifies the X-Forwarded-For header with the client-IP. I'm now in a situation I want to keep the X-Forwarded-For header as it is.. As far as i see it's only possible to disable the X-forwarded-for header, which will result the header as: X-Forwarded-For: Unknown. At this time, I have already a X-Forwarded-For header. My final header as Squid will send out is: X-Forwarded-For: my-client-ip-by-other-squid, other proxy server I want Squid to keep the header for what it is, thus: input: X-Forwarded-For: my-client-ip-by-other-squid ouput: X-Forwarded-For: my-client-ip-by-other-squid Is this possible? Thanks, Janno.
[squid-users] X-Forwarded-For header
Hi all, I have patched the squid with the X-Forward-For header patch. But, still no luck. I am still getting 127.0.0.1 in access.log. My current setup is Dansguardian - Squid Dansguardian is listning on 8080 and squid is listnening on 3128 on 127.0.0.1. I have enabled ip forwrding in Dansguardian. But in squid access.log, I still get 127.0.0.1. Please help me. I want to get the ipaddresses of the clients who are hitting the dansguardian in the access.log of squid. Regards Abdul Khader __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/
Re: [squid-users] X-Forwarded-For header
On Tue, 3 Feb 2004, Abdul Khader wrote: Hi all, I have patched the squid with the X-Forward-For header patch. But, still no luck. I am still getting 127.0.0.1 in access.log. Is Dansguardian sending a X-Forwarded-For header to Squid? Have you told Squid to look into the header? (see squid.conf.default after installing your patched Squid or the documentation on the follow_xff web site). Regards Henrik
Re: [squid-users] X-Forwarded-For: header
1) is it possible to config squid NOT to set this header at all? I think header_access X-Forwarded-For deny all should do. You can remove it from the source if you feel inclined so. Just do a grep -r. Don't have answers to other questions. Tesla _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: [squid-users] X-Forwarded-For: header
That works! amazing. I thought header_access and header_replace only works for the headers that come from the client. not the ones (like, X-Forwarded-For) that are set from squid itself. I actually tried header_replace X-Forwarded-For 1.2.3.4 a few days ago but still got unknown. btw, if I set forwarded_for to off, shouldn't squid stop sending the X-Forwarded-For header instead of sending a bogus unknown? Frank On Wed, 29 Jan 2003, Tesla 13 wrote: 1) is it possible to config squid NOT to set this header at all? I think header_access X-Forwarded-For deny all should do. You can remove it from the source if you feel inclined so. Just do a grep -r. Don't have answers to other questions. Tesla _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: [squid-users] X-Forwarded-For: header
Frank Liu wrote: 2) is it possible to config quid to send a user defined IP (say the IP of the proxy server itself), rather than unknown ? Should be possible to change the header to say whatever you feel like via header_replace. on a related one, is it possible to insert an customer HTTP header? Not without first coding the feature I think.. but maybe header_replace can be used.. Regards Henrik