Hello Amos,
thank you for your answer.
I did add the follow_x_forwarded_for allow localhost and it did what I
wanted to.
With regards to the security warnings, I am ok with it as all users
have the same acl.
Regards,
Hugo
On 12 August 2011 15:23, Amos Jeffries squ...@treenet.co.nz wrote:
On 13/08/11 00:47, Hugo Deprez wrote:
Dear community,
I am trying To configure dansguardian with squid3.
I am running debian squeeze.
Everything is working but I am trying to have the real IP source in
the squid's access.log file.
I configured forwardedfor = on in dansguardian.conf,
When I check The access.log file, i only see 127.0.0.1 as source of the
request.
I did a network packet capture. And I found the field X-forwarded-for was
like :
http.x_forwarded_for == 192.168.200.1, 127.0.0.1
In squid.conf I used the following log configuration :
logformat combined %a %a %A %p %la %lp %ui %un
[%{%d/%b/%Y:%H:%M:%S +}tl] %rm %ru HTTP/%rv %Hs %st
%{Referer}h %{User-Agent}h %Ss:%Sh
access_log /var/log/squid3/access.log combin
But %a is still return 127.0.0.1.
So is there a way to change the behaviour in order to show the real IP
address ?
log_uses_indirect_client on
Or is there a way to hide source 127.0.0.1 ?
You define in squid.conf that 127.0.0.1 has a proxy you *trust* not to lie
to you in its XFF header.
Please read the security warnings about follow_x_forwarded_for
http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
follow_x_forwarded_for allow localhost
NP: assuming that you still have the default localhost definition
configured.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10