Rick... your application team is stupid. ;) On Wednesday 21 December 2005 14:12, Rick G. Kilgore wrote: > Our application team does not want to rewrite a program that relies > heavily on the IP address to maintain the identity of a connection to > the client. I hate this idea and want the application redone correctly. If they are too lazy do fix that I can offer an (untested) nifty workaround in case you use an Apache server. It takes the IP address from the X-Forwarded-For line in the HTTP header and sets the REMOTE_ADDR environment variable correctly (which is probably the address they are using in a CGI to find out the source IP address of the requester): SetEnvIf X-Forwarded-For (.*) REMOTE_ADDR=$1 Documented at: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif > It has been suggested that I use always-direct to bypass squid IP > masking. My understanding was that always-direct just stopped the search > of the cache and sends request directly to the listed server/s. Neither. "always_direct" is used when you use a proxy chain (all your requests are send upstream to another proxy server) to tell Squid to send the requests *directly* to the web server instead of querying the parent proxy in the chain. So it's not connected to your case. What you probably think of is "no_cache" (which doesn't help either). You can't do a thing about that on the proxy. Once the request is handled by Squid the web server will see the proxy's IP address. (See also: http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.13 - but you probably don't want that.) Christoph -- ~ ~ ".signature" [Modified] 2 lines --100%-- 2,41 All
