MontyRee wrote: > Hello, all. > > I saw much useful function named tproxy. > So pleaase check below is possible or not. > > > Client(192.168.3.2) ==> http-accelerator mode squid(10.10.1.2) ==> apache web server(10.10.1.1) > > When I see the log file at apache, only cache(10.10.1.2) ip will be seen without regard to clients. > but when I set tproxy at squid server,I can see the real client IPs, right? > > then how can I set iptables rule at squid server(10.10.1.2)? > It seems that most examples are for forward proxy not httpd-accel mode. > > http://wiki.squid-cache.org/ConfigExamples/ > > I know that "HTTP_X_FORWARDED_FOR'" would be possible, > but I don't want it. Please share how to set tproxy for accel mode. > > > Thanks in advance. > No its not. accel mode == reverse proxy == squid pretending to be a web server. tproxy == squid pretending not to be there. When Squid pretends not to be there it cannot perform the actions needed to make it look like a web server. X-Forwarded-For is the way to do this. Whether you want to do it that way or not. Its the way you get the real client IP through the various middleware proxies already passing traffic from box to box around the Internet in a www version of NAT. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
