On Thu, 2014-08-07 at 22:02 +0000, Mark jensen wrote: > I have asked this question on Apache mailing list but they tell me to ask it here: > > we know that we can allow some IPS with out authentication using Allow from IP: > > <Directory /var/www/html/template> > Order allow,deny > Allow from 192.168.1.5 > Satisfy any > AuthName "LDAP Authentication" > AuthType Basic > > AuthBasicProvider ldap > AuthzLDAPauthoritative off > AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*) > </Directory> > > But what if we use proxy (squid) in front, then the source IP will be the proxy IP, How can I make Apache to deal with the client IP not the proxy IP? > > or How to let squid to request the page using client IP? > you will want to look into the X-Forwarded-For header. Make sure you are inserting it with squid, and that apache is parsing the header for the value and basing the access on it. the client ip will be in the first position (0 based, i think), when using comma (,) as a delimiter.
