Search squid archive

Re: squid accel peer auth basic, may be X-Forwarded-For prob

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Hi,
>
> I've a squid Version 2.6.STABLE16
>
> with the following config accel mode
>
> cache_peer php-01 parent 80 0 no-query originserver round-robin weight=1
> login=PASS max-conn=100
> #cache_peer php-02 parent 80 0 no-query originserver round-robin
> weight=0 login=PASS
> cache_peer php-03 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-04 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-05 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-06 parent 80 0 no-query originserver round-robin weight=1
> login=PASS
> cache_peer php-07 parent 80 0 no-query originserver round-robin weight=3
> login=PASS max-conn=100
> cache_peer php-08 parent 80 0 no-query originserver round-robin weight=1
> login=PASS max-conn=100
>
>
> 1192712203.711      3 12.34.56.78 TCP_REFRESH_HIT/200 2378 GET
> http://proxy-03.love.mydomain.com/_admin/style.css - ROUNDROBIN_PAR
> ENT/php-07 text/css
> 1192712204.363      4 12.34.56.78 TCP_REFRESH_MISS/401 851 GET
> http://proxy-03.love.mydomain.com/_admin/style.css - ROUNDROBIN_PAR
> ENT/php-07 text/html
>
> This page is auth basic protected + ip based protected
> http://proxy-03.love.mydomain.com/_admin/style.css
>
> normally is should pass on the ip based auth basic auth scheme
>
> But it fails.
> it seems to be an X-Forwarded-For problem,

Depends on how your authentication helper is coded to check for IP and
whether you have X-Forwarded-For visible or silent in any given squid.

>  here is the apache peer access log
>
> proxy-03.mydomain.com - - [18/Oct/2007:15:48:37 +0200] "GET
> /_admin/style.css HTTP/1.0" 401 480 "-" "Mozilla/5.0 (Windows; U; W
> indows NT 5.1; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
>
>
> and proxy squid access log:
> Thu Oct 18 15:48:37 2007      4 12.34.56.78 TCP_REFRESH_MISS/401 855 GET
> http://proxy-03.love.mydomain.com/_admin/style.css -
> ROUNDROBIN_PARENT/php-04 text/html
>
> we should have IP 12.34.56.78 instead of the proxy hostname

IP in stead of *which* peer hostname above?
  "proxy-03.mydomain.com"? - apache configured with 'resolve hostnames on'
  "proxy-03.love.mydomain.com"?
  "php-04"? - squid configured with resolve hostnames on'


Amos
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux