-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/02/2015 3:38 p.m., James Beecham wrote: > Hi Amos, > > Thank you for your reply. > > The information I need to apply to the header is client specific, > ex their internal ip address. > > The issue I am facing is that the network that is hosting the web > services is different from the network that the clients are > accessing it from. So my Squid instances live at the client site > and they access the web services out of a data center. > > I need to know the clients internal ip at the data center for a > number of reasons. Therefore if I am understanding your suggestion > correctly the reverse ssl proxy would not work as the squid reverse > proxy needs to be on the same internal network/vlan as the > destination host to function? > http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate No. > Reverse-proxy only needs is that the client looking up the domain in DNS finds where it is and the cert it offers is valid for the domain. The connection between the proxy and origin server is explicitly/manually configured at the proxy so does not matter where its going to. Think of how the major CDN operators put their gateway proxies out around the world in or near ISP networks then do something special from that proxy to where the hosted site actually is. > > Essentially what I have is the clients internal ip at the client > site, which with HTTP only used to allow me the pack the internal > ip into the HTTP header via 'request_header_add'. Now, I still need > to get the internal ip into the HTTPS request so that the web > services can operate as normal. Whether the clients internal ip is > in the header or apart of each request (query param) doesnt really > matter, just how can I get the internal ip to the server without > disrupting the normal browsing activity of our users? This is what the X-Forwarded-For/Forwarded HTTP headers are for. Set "forwarded_for on" in squid.conf of the gateway proxy the clients connect to, and the same or "forwarded_for transparent" on any internal squid proxies it goes across within your network. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJU4miwAAoJELJo5wb/XPRjasUH/jf6ZHo75tqmKdW/gQcYtHKl Et38pBbvXXIJ9/+DE/DvrW/t4LJU1tuxFk/uplwvORqOyZ2VNy/mxp1Omf3NMKoG SfUo3LTOqlvIAtI1oHZYadS9qEsIDxSGDJ0HFeag7z9wj4acOeUnVSBLUueyV5TK ouspgmpuS3GCCqMWjWsEkdUKqDXC+ThyUeF7w0ABfZIXoJPtC2Q++7UznQm840ad lV4lLx/vxbXSEFlR+YEZXJwEBUwcKr9uUDVru7Rn4LfIZ9KRr6gVbzwzFMuilY0P GmMJBYMDZZSezvtVA2vAR99KbDpUSC/8seGL2VrXZxNndh8eSmK5kprlUvwIC1w= =Ra8E -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users