Dear All,
I have this problem with fileserv.com:
If a client goes direct to the site, it would be ok; it can download any
file. However, it goes through Squid proxy, it breaks.
Can I tell Squid to act as if it were a normal/simple client, request a
page, and return it to the real client uncached for a certain domain
like fileserv.com?
I'm just wondering what is inside of Squid that makes it break. Can
Squid just act as a simple client in pass through mode even though it
uses its own IP?
Kind regards,
Khem
On 09/20/2011 11:31 AM, Luis Daniel Lucio Quiroz wrote:
2011/9/19 Khemara Lyn<lin.kh@xxxxxxxxxxxx>:
Dear Sir Amos,
Thank you for your response and being helpful always.
My squid.conf does have that "forwarded_for on" but I think, those public
upload/download file-sharing sites (fileserve, rapid share, etc.) are smart
enough to detect the header.
Or is there a way to find out all the IP ranges used by those sites?
I would like to be able to block those IP ranges in WCCP access list so that
accesses to those sites will bypass my Squid box.
Regards,
Khem
On 09/20/2011 08:53 AM, Amos Jeffries wrote:
On Mon, 19 Sep 2011 14:59:54 +0700, Khemara Lyn wrote:
On 09/18/2011 04:38 PM, Saleh Madi wrote:
Dears,
How could I configure the squid appear the clients real IP address
instead of the squid IP address,
the problem is that all clients get the same IP address which make
problems in file sharing websites like mega upload, rapidshare and others
websites
we use squid in transparent mode with WCCP , please advice how to
resolve this problem.
Many thanks,
Saleh Madi
Hi,
I have the same query but doubt if it is possible at all, esp. with WCCP.
What I could do so far is that, I configure the Squid box to have
multiple IPs and multiple gateways (5 of them) with IPRoute2, "ip
route". Each time, it could appear as a different IP but still get
blocked by those file-sharing Web sites as you mentioned.
I would greatly appreciate for any better idea.
Thanks& regards,
Khem
WCCP passes packets unchanged to the Squid box.
You need two things:
1) to pass the IP through, using "forwarded_for on". Which permits Squid
to send the X-Forwarded-For header with Client IP.
2) the website to be smart enough to make use of the header. Some sites
do not support or choose not to trust that HTTP header.
Alternatively you could setup a transparent proxy with the TPROXY feature.
Spoofing the client inbound IP on the outbound traffic. This does work with
WCCP, but is a bit tricky.
http://wiki.squid-cache.org/Features/Tproxy4
Amos
Maybe you may use a spool of public keys and also use squid
url_rewrite capabilitie of 2.7 to cache file so this will reduce that
symptom. How may IP's, how to configure squid is not easy to say, it
requires analysis but it is a workarround if the X-Forwarded doesnt
work.
Khem, it is nice to know of you. Please contact me offline.
LD
http://www.twitter.com/ldlq
