Hi Eliezer I did access your url and it gave me the output as Your IP address is : 122.166.1.184 I also tried doing request_header_access X-Forwarded-For deny Safe_ports Still no luck, log is as follows 1332199742.075 2 192.168.1.117 TCP_DENIED/403 3481 CONNECT feeds.example.com:80 - NONE/- text/html 1332199746.551 1 192.168.1.117 TCP_DENIED/403 3481 CONNECT feeds.example.com:80 - NONE/- text/html this is what i did $filePath = 'http://feeds.example.com/newsfeeds.xml'; $s = curl_init($filePath); curl_setopt($s,CURLOPT_RETURNTRANSFER,1); curl_setopt($s, CURLOPT_HEADER, false); curl_setopt($s, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($s, CURLOPT_PROXY, "http://192.168.1.117:3128";); curl_setopt($s, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($s, CURLOPT_URL, $filePath); // Make the request $xml = ''; $xml = curl_exec($s); $xml = trim($xml); curl_close($s); On Tue, Mar 20, 2012 at 5:00 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > On 20/03/2012 00:36, Vijay S wrote: >> >> Sorry i cannot share the url and hence im replacing the feed as >> http://feeds.example.com/newsfeeds.xml >> >> On Tue, Mar 20, 2012 at 1:37 AM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx> >> wrote: >>> >>> On 19/03/2012 18:58, Vijay S wrote: >>>> >>>> >>>> Hi >>>> >>>> I have a my server box hosting apache and squid on centos machine. >>>> When I send my request for clients feeds it works as they have >>>> whitelisted my IP address, and when I make the call via squid its give >>>> me invalid IP. I checked the access log for more information and found >>>> out instead of sending my IP address its sending the localhost IP >>>> address (127.0.0.1). >>> >>> >>> i'm still trying to understand your network infrastructure. >>> you have one apache server that also hosts squid? >> >> Yes >> >>> can you give the logs output? >> >> 1332194292.909 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT >> feeds.example.com:80 - NONE/- text/html >> 1332194335.536 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT >> feeds.example.com:80 - NONE/- text/html >> 1332194399.852 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT >> feeds.example.com:80 - NONE/- text/html >> >> >>> what is the /etc/hosts content? >> >> 122.166.1.184 localhost >> 122.166.1.184 reactmedia.com >> 122.166.1.184 rm117 >> >> >>> by clients you mean you clients of squid? >> >> there is no squid im accessing a feeds URL >> http://feeds.example.com/newsfeeds.xml >> >>> what do you mean by whitelisted your ip address? >> >> request from my ip only can access this feeds. which they have >> configured. it opens when i access from browser but when i called from >> squid using php curl. it doesnot works >> >>> is the apache server is listening on port 80? >> >> Yes > > > this part made me understand the problem. > if you do want to understand the problem try get into this address: > http://www1.ngtech.co.il/myip.php > i think the problem is that the proxy is forwarding a "x_forward" header on > the http request what's making the problem. > if your proxy is using "the x_forward" you will see it in the page. > > in order to disable this header you can add to your squid.conf this > directive: > request_header_access X-Forwarded-For deny Safe_ports > > if it is indeed what caused the problem you should be ok. > > Regards, > Eliezer > > >> >>> can you access it directly by ip + port 80? (no proxy) >> >> yes >> >>> when with proxy its not working? >> >> True >> >>> if its so then try to change the hosts file with the hostname in it to >>> external_ip www.hostname.domain >> >> its not the domain to ip mapping issue, when my request is sent its >> sent as 192.168.1.10 instead 122.166.1.184. and hence the client url >> is blocking me considering as the ip is not listed in there >> whitelisted IP's opend for me to access. >> >> >>> >>> Regards, >>> Eliezer >>> >>> >>>> I googled a little and found that using tcp_outgoing_address directive >>>> I can control the outgoing IP address and to my bad luck this didn’t >>>> work >>>> >>>> My configuration file is as follows >>>> >>>> acl all src all >>>> acl manager proto cache_object >>>> acl localhost src 127.0.0.1/255.255.255.255 >>>> acl to_localhost dst 127.0.0.0/32 >>>> acl SSL_ports port 443 >>>> acl Safe_ports port 80 # http >>>> acl Safe_ports port 21 # ftp >>>> acl Safe_ports port 443 # https >>>> acl Safe_ports port 70 # gopher >>>> acl Safe_ports port 210 # wais >>>> acl Safe_ports port 1025-65535 # unregistered ports >>>> acl Safe_ports port 280 # http-mgmt >>>> acl Safe_ports port 488 # gss-http >>>> acl Safe_ports port 591 # filemaker >>>> acl Safe_ports port 777 # multiling http >>>> acl CONNECT method CONNECT >>>> >>>> http_access allow manager localhost >>>> http_access deny manager >>>> http_access deny !Safe_ports >>>> http_access deny CONNECT !SSL_ports >>>> >>>> http_access allow localhost >>>> http_access deny all >>>> >>>> icp_access allow all >>>> >>>> http_port 3128 >>>> >>>> visible_hostname loclahost >>>> debug_options ALL,1 33,2 28,9 >>>> tcp_outgoing_address 122.166.1.184 >>>> >>>> Can somebody help me with configuration for the my servers. It will be >>>> of great help. >>>> >>>> Thanks& Regards >>>> Vijay >>> >>> >>> >>> >>> >>> -- >>> Eliezer Croitoru >>> https://www1.ngtech.co.il >>> IT consulting for Nonprofit organizations >>> elilezer<at> ngtech.co.il >>> > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > elilezer <at> ngtech.co.il
