Farhad Ibragimov wrote:
Dear Amos
Please look at this
Client ---> Router with WCCP ---> Proxy squid(3.0.15)---> Apache
Apache see request from Proxy squid server . My questions is , is it
possible to see requested ip address from Client in Apache logs file ? If yes , how can i
do this ?
Squid passes the IP on to Apache in the X-Forwarded-For: header.
Apache needs to log this header content.
Where there are multiple IPs listed in it; the first is the client that
contacted Squid.
The last is _probably_ the real client. Can contain forged values so
trust decreases away from the machines you can identify. The first
listed IP was added by a trusted Squid, so it must be right, second
maybe not, etc.
My configuration
Linux "MY DOMAIN" 2.6.18-128.1.16.el5 #1 SMP Tue Jun 30 06:07:26 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
# WELCOME TO SQUID 3.0.STABLE15
# ----------------------------
http_port 3128 transparent
cache_mem 1024 MB
#minimum_object_size 32 KB
icp_port 0
wccp2_router "HIDDEN"
visible_hostname "HIDDEN"
url_rewrite_children 20
cache_dir ufs /cache 6000 16 256
cache_swap_low 90
cache_swap_high 95
allow_underscore on
eww! Find a plank and beat the people needing that.
request_header_max_size 20 KB
client_persistent_connections on
server_persistent_connections on
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
maximum_object_size 50 MB
######LOG################
access_log /var/squid/logs/access.log squid
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log
###############################
cache_mgr "HIDDEN"
httpd_suppress_version_string on
# SNMP OPTIONS
# -----------------------------------------------------------------------------
#snmp_port 1161
#snmp_access allow snmppublic localhost
#snmp_access deny all
cache_effective_user squid
cache_effective_group squid
###############################################################
acl dayaz dstdomain "HIDDEN"
always_direct allow "HIDDEN"
###############################################################
refresh_pattern -i \.gif$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
##########################################
negative_ttl 0 seconds
#########################################
# ACCESS CONTROLS
##############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mynet src "HIDDEN"
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
Sigh. SO many people not bothering to read the above...
Either change to be your valid networks, or remove completely and keep
your own name(s) for the ACL [ ie "mynet" ].
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet
http_access allow mynet
http_access deny all
icp_access deny all
htcp_access deny all
hierarchy_stoplist cgi-bin ?
# TAG: debug_options
# Logging options are set as section,level where each source file
# is assigned a unique section. Lower levels result in less
# output, Full debugging (level 9) can result in a very large
# log file, so be careful. The magic word "ALL" sets debugging
# levels for all sections. We recommend normally running with
# "ALL,1".
#
#Default:
# debug_options ALL,1
icp_port 0
htcp_port 0
log_icp_queries off
allow_underscore on
# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
#wccp_version 4
# wccp2_rebuild_wait on
# wccp2_forwarding_method 1
# wccp2_return_method 1
# wccp2_assignment_method 1
# wccp2_service standard 0
# wccp2_weight 10000
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# error_directory /squid/share/errors/templates
email_err_data on
client_db on
coredump_dir /var/squid/cache
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE17
Current Beta Squid 3.1.0.12
