Micah, I've had to deal with that situation a few times, the solution is quite simple. Recompile squid with this option if you haven't done it so far " --enable-follow-x-forwarded-for" Add these lines to your squid.conf: forwarded_for on follow_x_forwarded_for allow all Basically what this does is forwards the client IP to the origin server on a reverse proxy setup Now, the client IP will be passed through the headers to the origin server but you need to do some work on apache to be able to fetch those. Unfortunately apache discussions are beyond the scope of this list, I suggest you look into rewrite rules, I have the same setup working like a charm with rewrites. Hope it helps Saul W. -----Original Message----- From: news [mailto:news@xxxxxxxxxxxxx] On Behalf Of Micah Anderson Sent: Wednesday, March 12, 2008 5:49 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Reverse proxy IP not passing through I upgraded my squid to 2.6 and re-did the configs, everything is working with the exception of one problem, the old version used to pass the visitor's IP back to the webserver, but now it just passes the squid host's IP. I need the requesting IP for some CGI's to work, at the moment they think that my host is the only one hitting them :O I used to accomplish this with httpd_accel_uses_host_header and I understand that this has been replaced in the newer 2.6 versions, but as you can see from my configuration below, I've made that change. I've got apache running on port 81 of the same server and if I hit the webserver itself, it sees the IPs correctly, its just when squid passes them on. I'm using 2.6.18 backport on debian etch. Here is my squid.conf, with some ips/domains munged to protect the innocent, thanks for any ideas! Micah http_port 214.132.104.148:80 defaultsite=mydomain.com:80 vhost vport cache_peer 214.132.104.148 parent 81 0 no-query originserver default hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? acl QUERY urlpath_regex download \? acl QUERY urlpath_regex trackback \? acl QUERY urlpath_regex email \? acl QUERY urlpath_regex review \? acl QUERY urlpath_regex proposals \? acl QUERY urlpath_regex submit \? acl QUERY urlpath_regex admin \? acl QUERY urlpath_regex prerelease \? acl POSTS method POST no_cache deny POSTS no_cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache cache_swap_low 92 cache_swap_high 96 cache_dir aufs /var/spool/squid 100 16 256 logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %{Host}>h access_log /var/log/squid/access.log combined hosts_file /etc/hosts refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 read_timeout 10 minutes request_timeout 20 seconds pconn_timeout 10 seconds redirect_children 20 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl green src 214.132.104.148/255.255.255.255 acl SSL_ports port 443 acl SSL_ports port 563 acl SSL_ports port 873 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 http acl Safe_ports port 631 acl Safe_ports port 873 acl Safe_ports port 901 acl purge method PURGE acl CONNECT method CONNECT acl IMAGES urlpath_regex .jpg$ acl IMAGES urlpath_regex .gif$ acl IMAGES urlpath_regex .swf$ acl IMAGES urlpath_regex .ico$ acl IMAGES urlpath_regex .png$ http_access allow purge green http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow all http_access deny all icp_access deny ALL ident_lookup_access deny all http_access allow green http_access deny all http_reply_access allow all icp_access allow all cache_effective_group proxy delay_pools 1 delay_class 1 1 delay_access 1 allow all delay_parameters 1 128000/128000 # 512 kbits == 64 kbytes per second, 1Mbit/sec=128kbytes strip_query_terms off coredump_dir /var/spool/squid No virus found in this incoming message. Checked by AVG. Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date: 3/11/2008 1:41 PM No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.7/1328 - Release Date: 3/13/2008 11:31 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.7/1329 - Release Date: 3/14/2008 12:33 PM
