Search squid archive

Re: real client ip address instead of squid Ip address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 19 Sep 2011 14:59:54 +0700, Khemara Lyn wrote:
On 09/18/2011 04:38 PM, Saleh Madi wrote:
Dears,

How could I configure the squid appear the clients real IP address instead of the squid IP address, the problem is that all clients get the same IP address which make problems in file sharing websites like mega upload, rapidshare and others websites we use squid in transparent mode with WCCP , please advice how to resolve this problem.

Many thanks,
Saleh Madi


   Hi,

I have the same query but doubt if it is possible at all, esp. with WCCP.

What I could do so far is that, I configure the Squid box to have
multiple IPs and multiple gateways (5 of them) with IPRoute2, "ip
route". Each time, it could appear as a different IP but still get
blocked by those file-sharing Web sites as you mentioned.

I would greatly appreciate for any better idea.

Thanks & regards,
Khem


WCCP passes packets unchanged to the Squid box.

You need two things:
1) to pass the IP through, using "forwarded_for on". Which permits Squid to send the X-Forwarded-For header with Client IP. 2) the website to be smart enough to make use of the header. Some sites do not support or choose not to trust that HTTP header.


Alternatively you could setup a transparent proxy with the TPROXY feature. Spoofing the client inbound IP on the outbound traffic. This does work with WCCP, but is a bit tricky.
 http://wiki.squid-cache.org/Features/Tproxy4

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux