Search squid archive

Re: Redirecting traffic to fake parent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The problem is that I'm using Squid 2.7 (I know how behind I am), and I need to use the referrer of certain requests and give those url + referer to a rewriter program (Posible in v 3.5 as far as I know). So in order to achieve this using 2.7 I redirect the traffic to a fake node.js proxy, extract what I need, store it on a DB and then the rewriter con make a query there and make the proper rewrite. I have that working already, but I don't know how to mantain the original IP of the client making the request to the very end of the transaction so to the outside world it doesn't look that all the requests come from the same client.


Thanks
Sebastian


El 03/03/15 a las 23:32, Amos Jeffries escribió:
On 4/03/2015 9:35 a.m., Sebastian Goicochea wrote:
Hello everyone, I'm experimenting with cache_peer directive and node.js:

cache_peer 10.0.0.90 parent 8888 0 no-query no-digest proxy-only name=test

in that port I have a node.js Proxy receiveing connections in the same
host, it extracts some information I need and saves it to a DB, then
redirects Squid with a 302 response with some garbage added to the url.
I use that garbage to match an access list so I can prevent looping.

Squid is working in transparent mode, the problem I'm facing is that if
I don't configure a tcp_outgoing_address Squid does not reach port 8888
on localhost. If I set a tcp_outgoing_address Squid can reach
localhost:8888 but with his own IP address and I need it to be
transparent, I need the real client IP address.
Why? what is all this for?

HTTP is designed to operate just fine without forging client IPs on
proxy outgoing traffic. Some web applications are seriously broken, but
since its on your localhost you obviously are in a great position to fix
this one.


also, it sounds to me like you are using all this complex 4-party
interaction to replicate something that an ICAP/eCAP service does much
faster and simpler. Or perhapse you are trying to implement Squids
StoreID feature using layers of proxies.


Is there a way to configure tcp_outgoing_address to use the client's IP
when fetching something?
No. You can only bind to IP addresses which have been assigned to the
machine Squid is running on. Lookup the "triangular routing" problem if
you want all the gory details.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux