Client IP behind SQUID on Apache Reverse Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi ppl,

I'm getting headaches^3 coz logging in my scenario...

There is:
Client/HTTPS(172.16.0.101) -> SQUID/HTTPS (172.16.0.31) -> Reverse
Proxy (Apache, SSL-out, 172.16.0.50) -> WebServers/HTTP (172.16.0.60)

I need 2 things (for logging purposes):
1) Send IP of client to WebServers. There anyway to make Apache get
"X-Forwarded-For" value from SQUID, and forward it on Apache
X-Forwarded-For header to WebServers instead to put SQUID IP on
X-Forwarded-For and forward it to WebServers? Better, just do it if
"IP = known proxy IP" like I do on logging below?
Something like:
SQUID Header:
X-Forwarded-For: 172.16.0.101
Reverse Proxy Header:
X-Forwarded-For: 172.16.0.101 (NOT 172.16.0.31 IF "172.16.0.31=known
proxy IP" [to avoid spoofing...])

2) Log Client IP on Reverse Proxy (on access / error / modsecurity
logs). I made some changes on httpd.conf without expected results:
----------------------------------------------------------------------------------
SetEnvIf Remote_Addr 172\.25\.136\.31 PROXY=1
LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\"
\"%{User-agent}i\"" combined_forwarded
CustomLog /var/log/httpd/combined-access.log combined env=!PROXY
CustomLog /var/log/httpd/combined_forwarded-access.log
combined_forwarded env=PROXY
----------------------------------------------------------------------------------
With this conf, if client try access any webserver behind RP, RP logs
SQUID IP on "combined_forwarded-access.log" instead Client IP, *BUT*
if client access html root directory (for example) of Reverse Proxy it
logs real client IP on "combined_forwarded-access.log" :(


Thanks :)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux