Re[2]: Detect source IP Address via Squid

Amos,

Really, I need to hide my proxy server from my clients. But some web
resources detect proxy servers, for example
http://whatismyipaddress.com/. Is it possible that, when my client surfs
the internet, passing through my proxy server, all servers see his real IP
address? It is very important. Waiting for your response.
PS: sorry for my English

BR


Wednesday, July 29, 2009, 1:48:48 PM, you wrote:

> Farhad Ibragimov wrote:
>> Dear Amos
>> 
>> Please look at this
>> 
>> Client ---> Router with WCCP ---> Proxy squid(3.0.15)---> Apache
>> 
>> Apache sees the request from the Proxy squid server. My question is: is it
>> possible to see the requested IP address of the Client in the Apache log file? If yes, how can I
>> do this?

> Squid passes the IP on to Apache in the X-Forwarded-For: header.
> Apache needs to log this header content.

> Where there are multiple IPs listed in it; the first is the client that
> contacted Squid.
>   The last is _probably_ the real client. Can contain forged values so
> trust decreases away from the machines you can identify. The first 
> listed IP was added by a trusted Squid, so it must be right, second 
> maybe not, etc.

>> 
>> My configuration
>> Linux "MY DOMAIN" 2.6.18-128.1.16.el5 #1 SMP Tue Jun 30 06:07:26 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>> 
>> 
>> #       WELCOME TO SQUID 3.0.STABLE15
>> #       ----------------------------
>> http_port 3128 transparent
>> cache_mem 1024 MB
>> #minimum_object_size 32 KB
>> icp_port 0
>> wccp2_router "HIDDEN"
>> visible_hostname "HIDDEN"
>> url_rewrite_children 20
>> cache_dir ufs /cache 6000 16 256
>> cache_swap_low 90
>> cache_swap_high 95

>> allow_underscore on

> eww! Find a plank and beat the people needing that.

>> request_header_max_size 20 KB
>> client_persistent_connections on
>> server_persistent_connections on
>> maximum_object_size_in_memory 50 KB
>> cache_replacement_policy heap LFUDA
>> maximum_object_size 50 MB
>> ######LOG################
>> access_log /var/squid/logs/access.log squid
>> cache_log /var/squid/logs/cache.log
>> cache_store_log /var/squid/logs/store.log
>> ###############################
>> cache_mgr "HIDDEN"
>> httpd_suppress_version_string on
>> # SNMP OPTIONS
>> # -----------------------------------------------------------------------------
>> #snmp_port 1161
>> #snmp_access allow snmppublic localhost
>> #snmp_access deny all
>> cache_effective_user squid
>> cache_effective_group squid
>> ###############################################################
>> acl dayaz  dstdomain "HIDDEN"
>> always_direct allow "HIDDEN"
>> ###############################################################
>> refresh_pattern -i \.gif$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.png$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.jpg$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.pdf$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.zip$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.tar$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.gz$   43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.tgz$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.exe$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.prz$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.ppt$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.inf$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.swf$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.mid$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.wav$  43200 100% 43200 override-lastmod override-expire 
>> refresh_pattern -i \.mp3$  43200 100% 43200 override-lastmod override-expire
>> 
>> refresh_pattern ^ftp:           1440    20%     10080
>> refresh_pattern ^gopher:        1440    0%      1440
>> refresh_pattern (cgi-bin|\?)    0       0%      0
>> refresh_pattern .               0       20%     4320
>> ##########################################
>> negative_ttl 0 seconds
>> #########################################
>> # ACCESS CONTROLS
>> ##############################################################
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl mynet src "HIDDEN"
>> 
>> # Example rule allowing access from your local networks.
>> # Adapt to list your (internal) IP networks from where browsing
>> # should be allowed

> Sigh. SO many people not bothering to read the above...

> Either change to be your valid networks, or remove completely and keep
> your own name(s) for the ACL  [ ie "mynet" ].

>> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
>> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>> #
>> acl SSL_ports port 443
>> acl Safe_ports port 80          # http
>> acl Safe_ports port 21          # ftp
>> acl Safe_ports port 443         # https
>> acl Safe_ports port 70          # gopher
>> acl Safe_ports port 210         # wais
>> acl Safe_ports port 1025-65535  # unregistered ports
>> acl Safe_ports port 280         # http-mgmt
>> acl Safe_ports port 488         # gss-http
>> acl Safe_ports port 591         # filemaker
>> acl Safe_ports port 777         # multiling http
>> acl CONNECT method CONNECT
>> 
>> #  TAG: http_access
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> #http_access allow localnet 
>> http_access allow mynet
>> http_access deny all
>> 
>> icp_access deny all
>> htcp_access deny all
>> 
>> hierarchy_stoplist cgi-bin ?
>> 
>> #  TAG: debug_options
>> #       Logging options are set as section,level where each source file
>> #       is assigned a unique section.  Lower levels result in less
>> #       output,  Full debugging (level 9) can result in a very large
>> #       log file, so be careful.  The magic word "ALL" sets debugging
>> #       levels for all sections.  We recommend normally running with
>> #       "ALL,1".
>> #
>> #Default:
>> # debug_options ALL,1
>> 
>> icp_port 0
>> htcp_port 0
>> log_icp_queries off
>> 
>> allow_underscore on
>> 
>> # WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
>> #wccp_version 4
>> # wccp2_rebuild_wait on
>> # wccp2_forwarding_method 1
>> # wccp2_return_method 1
>> # wccp2_assignment_method 1
>> # wccp2_service standard 0
>> # wccp2_weight 10000
>> # wccp_address 0.0.0.0
>> # wccp2_address 0.0.0.0
>> 
>> # ERROR PAGE OPTIONS
>> # -----------------------------------------------------------------------------
>> # error_directory /squid/share/errors/templates
>> email_err_data on
>> 
>> client_db on
>> coredump_dir /var/squid/cache
>> 
>> 

> Amos



-- 
Best regards,
 Farhad                            mailto:inara.ibragimova@xxxxxxxxx
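
Added example (not part of the original thread, and not Squid or Apache code): one way to pick a client address out of logged X-Forwarded-For values when some entries may be forged. It assumes each proxy appends the address of the peer that connected to it, so it walks right to left starting from the TCP peer; the LogFormat, the trusted proxy addresses and the log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the proxies we run ourselves (constructed documentation addresses).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

# Assumed Apache format: LogFormat "%h \"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b"
LOG_RE = re.compile(r'^(?P<peer>\S+) "(?P<xff>[^"]*)" ')

# Constructed sample log lines, not taken from the thread.
SAMPLE_LOG = [
    '192.0.2.10 "198.51.100.7" - - [29/Jul/2009:13:48:48 +0000] "GET / HTTP/1.0" 200 512',
    '192.0.2.10 "203.0.113.99, 198.51.100.7" - - [29/Jul/2009:13:48:49 +0000] "GET / HTTP/1.0" 200 512',
    '203.0.113.50 "10.1.1.1" - - [29/Jul/2009:13:48:50 +0000] "GET / HTTP/1.0" 200 512',
    '192.0.2.10 "unknown" - - [29/Jul/2009:13:48:51 +0000] "GET / HTTP/1.0" 200 512',
]

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def resolve_client(peer, xff):
    """Walk from the TCP peer leftwards; stop at the first non-trusted address."""
    hops = [h.strip() for h in xff.split(",") if h.strip() not in ("", "-")]
    hops.append(peer)  # the TCP peer is the one address Apache observed itself
    result = None
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # e.g. "unknown": nothing further left is usable
        result = addr
        if not is_trusted(addr):
            break  # entries left of this one came from an untrusted party
    return str(result) if result else None

def clients_from_log(lines):
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            out.append((m.group("peer"), resolve_client(m.group("peer"), m.group("xff"))))
    return out

if __name__ == "__main__":
    for peer, client in clients_from_log(SAMPLE_LOG):
        print(f"peer={peer} client={client}")
```

In the third sample line the request did not arrive through a trusted proxy, so the header is ignored and the TCP peer is reported.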


