Hello, all.
I saw much useful function named tproxy.
So pleaase check below is possible or not.
Client(192.168.3.2) ==> http-accelerator mode squid(10.10.1.2) ==> apache web
server(10.10.1.1)
When I see the log file at apache, only cache(10.10.1.2) ip will be seen
without regard to clien
MontyRee wrote:
> Hello, all.
>
> I saw much useful function named tproxy.
> So pleaase check below is possible or not.
>
>
> Client(192.168.3.2) ==> http-accelerator mode squid(10.10.1.2) ==> apache web
> server(10.10.1.1)
>
> When I see the log file at apache, only cache(10.10.1.2) ip wi
Thanks for your answer.
But in case of Commercial Web Application Firewall(WAF),
I found that tproxy was installed and some daemon like squid to filter the
web traffic transparently.
and the real client ip is seen at the origin server.
Is it a different case?
Thanks for your comments.
lör 2009-09-12 klockan 16:50 +1200 skrev Amos Jeffries:
> No its not.
>
> accel mode == reverse proxy == squid pretending to be a web server.
>
> tproxy == squid pretending not to be there.
But why is that? There is not really any technical reason why not TPROXY
can be used in reverse proxy mod
On Tue, 15 Sep 2009 01:31:08 +0200, Henrik Nordstrom
wrote:
> lör 2009-09-12 klockan 16:50 +1200 skrev Amos Jeffries:
>
>> No its not.
>>
>> accel mode == reverse proxy == squid pretending to be a web server.
>>
>> tproxy == squid pretending not to be there.
>
> But why is that? There is not r
tis 2009-09-15 klockan 12:28 +1200 skrev Amos Jeffries:
> The big reason is that TPROXY passes the IPs to Squid inverted via
> accept(). There is no probe like the NAT ORIGINAL_DST to separate the
> TPROXY and non-TPROXY received connections. The only way to identify this
> IP inversion is the fla
On Tue, 15 Sep 2009 04:13:20 +0200, Henrik Nordstrom
wrote:
> tis 2009-09-15 klockan 12:28 +1200 skrev Amos Jeffries:
>
>> The big reason is that TPROXY passes the IPs to Squid inverted via
>> accept(). There is no probe like the NAT ORIGINAL_DST to separate the
>> TPROXY and non-TPROXY received
tis 2009-09-15 klockan 14:43 +1200 skrev Amos Jeffries:
> > Yes, but here we are talking about the other side, when Squid makes the
> > outgoing connection. That part do not need to depend in any way on how
>
> We are talking about setting http_port (incoming) options. Or so I thought.
I am not
