Re: [squid-users] X-Forwarded-For Header
El 29/04/2012 3:23, escribió: > Sorry for the top post. > > Firstly that website is broken. Xff is a list header and always has > been. > > Secondly 3.0 is an extremely old Squid version which only supports > on/off for the forwarded_for directive. You need to upgrade. > > Amos Thank you very much, Amos, I will update my squid installation as soon as I fix a problem with my test machine (RHEL + squid + kerberos + msktutil). Meanwhile, I need fix this problem in my current proxy server. I bypassed the website restriction using this: - request_header_access X-Forwarded-For deny all #forwarded_for off - With this config, squid doesn't include the Xff header and site allow the full access. Regards and thank you very much Fran M.
[squid-users] X-Forwarded-For Header
Hi friends, I'm using squid/3.0.STABLE25 and I have a problem for access to a webpage that checks the X-Forwarded-For header. It looks like the web requires that X-Forwarded-For header contains only the IP of my client, but my squid proxy are sending this header: forwarded_for on --> X-Forwarded-For: 192.168.2.185, 127.0.0.1 forwarded_for delete --> X-Forwarded-For: 192.168.2.185, unknown forwarded_for truncate --> X-Forwarded-For: 192.168.2.185, unknown forwarded_for transparent --> X-Forwarded-For: 192.168.2.185, unknown forwarded_for off --> X-Forwarded-For: 192.168.2.185, unknown Can I configure squid for send only this header?: X-Forwarded-For: 192.168.2.185 Regards -- Fran M.
Re: [squid-users] X-Forwarded-For Header and Rewriter
tis 2006-06-06 klockan 13:26 -0800 skrev Chris Robertson: > http://devel.squid-cache.org/projects.html#follow_xff might be just what > you are looking for. Be aware that development patches are not > supported and may set your hair on fire. This patch has been included in the upcoming 2.6 release. You are welcome to try out the 2.6 pre-release if you like to investigate this. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] X-Forwarded-For Header and Rewriter
[EMAIL PROTECTED] wrote: Hi, does anybody know if it is possible to access the X-Forwarded-Header inside of a rewriter script (squid used as reverse proxy). AFAIK, there is only the ip-address of the requesting server available which may be the ip of another cache-server. Background: We have another external cache server that queries our squids and we want to pass the client ip to an external script which makes decisions about the client ip: e.g. redirection to a special url if certain ips are there. I know that it is easy to trick the x-forwarded-header to fake ips, but nevertheless. if I use something like external_acl %SRC with an external script I can only say:OK or ERR, i.e. access or not. But I want to give the client different urls back depending on its ip. Or is there any other possibility to make such decisions (with the x-forwarded-for header information) outside the redirect script? thx in advance, max http://devel.squid-cache.org/projects.html#follow_xff might be just what you are looking for. Be aware that development patches are not supported and may set your hair on fire. Also, be aware: This patch changes the "configure.in" file, which is an input to "autoconf". You must run "bootstrap.sh" after applying this patch, and that will run "autoconf" for you. "autoconf" will generate a new "configure" script, which will have the new "--enable-follow-x-forwarded-for" option. Chris
[squid-users] X-Forwarded-For Header and Rewriter
Hi, does anybody know if it is possible to access the X-Forwarded-Header inside of a rewriter script (squid used as reverse proxy). AFAIK, there is only the ip-address of the requesting server available which may be the ip of another cache-server. Background: We have another external cache server that queries our squids and we want to pass the client ip to an external script which makes decisions about the client ip: e.g. redirection to a special url if certain ips are there. I know that it is easy to trick the x-forwarded-header to fake ips, but nevertheless. if I use something like external_acl %SRC with an external script I can only say:OK or ERR, i.e. access or not. But I want to give the client different urls back depending on its ip. Or is there any other possibility to make such decisions (with the x-forwarded-for header information) outside the redirect script? thx in advance, max -- Echte DSL-Flatrate dauerhaft für 0,- Euro*! "Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl
Re: [squid-users] X-Forwarded-For header cleanup
Yep, I think I'm in the same situation. I think it's better that when we set "forwarded_for off" in squid.conf, we should never see "X-Forwarded-For: Unknown." when there is no X-Forwarded-For previously, and squid will not add "unknown" when we already have one. On Wed, 17 Nov 2004 10:12:38 +0100, Janno de Wit <[EMAIL PROTECTED]> wrote: > Hi folks, > > My Squid always modifies the X-Forwarded-For header with the client-IP. > I'm now in a situation I want to keep the X-Forwarded-For header as it > is.. > As far as i see it's only possible to disable the X-forwarded-for > header, which will result the header as: > X-Forwarded-For: Unknown. > > At this time, I have already a X-Forwarded-For header. My final header > as Squid will send out is: > > X-Forwarded-For: , > > I want Squid to keep the header for what it is, thus: > input: > X-Forwarded-For: > ouput: > X-Forwarded-For: > > Is this possible? > > Thanks, Janno. >
[squid-users] X-Forwarded-For header cleanup
Hi folks, My Squid always modifies the X-Forwarded-For header with the client-IP. I'm now in a situation I want to keep the X-Forwarded-For header as it is.. As far as i see it's only possible to disable the X-forwarded-for header, which will result the header as: X-Forwarded-For: Unknown. At this time, I have already a X-Forwarded-For header. My final header as Squid will send out is: X-Forwarded-For: , I want Squid to keep the header for what it is, thus: input: X-Forwarded-For: ouput: X-Forwarded-For: Is this possible? Thanks, Janno.
Re: [squid-users] X-Forwarded-For header
On Tue, 3 Feb 2004, Abdul Khader wrote: > Hi all, > I have patched the squid with the X-Forward-For header > patch. > But, still no luck. I am still getting 127.0.0.1 in > access.log. Is Dansguardian sending a X-Forwarded-For header to Squid? Have you told Squid to look into the header? (see squid.conf.default after installing your patched Squid or the documentation on the follow_xff web site). Regards Henrik
[squid-users] X-Forwarded-For header
Hi all, I have patched the squid with the X-Forward-For header patch. But, still no luck. I am still getting 127.0.0.1 in access.log. My current setup is Dansguardian -> Squid Dansguardian is listning on 8080 and squid is listnening on 3128 on 127.0.0.1. I have enabled ip forwrding in Dansguardian. But in squid access.log, I still get 127.0.0.1. Please help me. I want to get the ipaddresses of the clients who are hitting the dansguardian in the access.log of squid. Regards Abdul Khader __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/
Re: [squid-users] X-Forwarded-For: header
Frank Liu wrote: > I actually tried that a few days ago (see my other post) and it didn't > work, which made me believe "header_replace" would only work for > headers set from the client, not for those headers set by squid itself. > > Now I re-read the squid.conf, maybe I have to "header_access" to deny > this header first, before "header_replace" can work??? Yes. Regards Henrik
Re: [squid-users] X-Forwarded-For: header
That works! amazing. I thought "header_access" and "header_replace" only works for the headers that come from the client. not the ones (like, X-Forwarded-For) that are set from squid itself. I actually tried header_replace X-Forwarded-For 1.2.3.4 a few days ago but still got "unknown". You probabably forgot to deny it with header_access first. btw, if I set "forwarded_for" to off, shouldn't squid stop sending the "X-Forwarded-For" header instead of sending a bogus "unknown"? I prefer to remove X-Forwarded-For from the source. Sometimes it leaks out from my configs and I am too lazy to find out what went wrong. Tesla _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
Re: [squid-users] X-Forwarded-For: header
On Wed, 29 Jan 2003, Henrik Nordstrom wrote: > Frank Liu wrote: > > > 2) is it possible to config quid to send a user defined IP (say > >the IP of the proxy server itself), rather than "unknown" ? > > Should be possible to change the header to say whatever you feel like > via header_replace. I actually tried that a few days ago (see my other post) and it didn't work, which made me believe "header_replace" would only work for headers set from the client, not for those headers set by squid itself. Now I re-read the squid.conf, maybe I have to "header_access" to deny this header first, before "header_replace" can work??? thanks! frank > > > on a related one, is it possible to "insert" an customer HTTP header? > > Not without first coding the feature I think.. but maybe header_replace > can be used.. > > Regards > Henrik >
Re: [squid-users] X-Forwarded-For: header
Frank Liu wrote: > 2) is it possible to config quid to send a user defined IP (say >the IP of the proxy server itself), rather than "unknown" ? Should be possible to change the header to say whatever you feel like via header_replace. > on a related one, is it possible to "insert" an customer HTTP header? Not without first coding the feature I think.. but maybe header_replace can be used.. Regards Henrik
Re: [squid-users] X-Forwarded-For: header
That works! amazing. I thought "header_access" and "header_replace" only works for the headers that come from the client. not the ones (like, X-Forwarded-For) that are set from squid itself. I actually tried header_replace X-Forwarded-For 1.2.3.4 a few days ago but still got "unknown". btw, if I set "forwarded_for" to off, shouldn't squid stop sending the "X-Forwarded-For" header instead of sending a bogus "unknown"? Frank On Wed, 29 Jan 2003, Tesla 13 wrote: > >1) is it possible to config squid NOT to set this header at all? > > I think > header_access X-Forwarded-For deny all > should do. > > You can remove it from the source if you feel inclined so. Just do a grep > -r. > > Don't have answers to other questions. > > Tesla > > _ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail > >
Re: [squid-users] X-Forwarded-For: header
1) is it possible to config squid NOT to set this header at all? I think header_access X-Forwarded-For deny all should do. You can remove it from the source if you feel inclined so. Just do a grep -r. Don't have answers to other questions. Tesla _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
[squid-users] X-Forwarded-For: header
http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.17 talks about this header, and I have some questions: 1) is it possible to config squid NOT to set this header at all? 2) is it possible to config quid to send a user defined IP (say the IP of the proxy server itself), rather than "unknown" ? on a related one, is it possible to "insert" an customer HTTP header? Thanks! Frank
