Re: explicit proxy and iptables

On 27.04.20 15:27, Vieri wrote:
> I've been using Squid + TPROXY in transparent sslbump mode for quite a
> while now, but I'd like to use an explicit proxy with user authentication
> instead.
>
> I have Squid on my first firewall/gateway node, and then I have another
> gateway (node 2) where all the HTTP requests go through, with multiple
> ISPs.
>
> In transparent tproxy mode, I can obviously mark packets according to the
> "real" client src IP addresses and then use, eg., different ISPs based on
> client src addr.
>
> In the explicit setup, the gateway (node 2) only sees one IP address as
> HTTP source -- the one on the "first node" with the explicit Squid proxy.
> I presume that in this case there is NO WAY I can somehow inform the
> gateway on node 2 of the "real" client IP addresses?

Correct.  However, you can configure the first proxy to add the proper
X-Forwarded-For address and configure the second proxy to trust the
X-Forwarded-For from the first proxy, so the second proxy can make a decision
on how to route the request, based on the trusted client's source IP address
passed through the X-Forwarded-For header.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
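
The two-proxy arrangement described in the reply above, sketched as squid.conf fragments. This is an added example, not part of the original message: it assumes node 2 also runs Squid, and all addresses, ACL names and mark values are placeholders.

```conf
# --- node 1: explicit, authenticating Squid (squid.conf fragment) ---
# Append the real client address to X-Forwarded-For on forwarded requests.
forwarded_for on
# Send all traffic through the proxy on node 2 (192.0.2.2 is a placeholder).
cache_peer 192.0.2.2 parent 3128 0 no-query default
never_direct allow all

# --- node 2: Squid on the multi-ISP gateway (squid.conf fragment) ---
# Placeholder address of node 1 as seen from node 2.
acl node1_proxy src 192.0.2.1
# Accept X-Forwarded-For only when the connection comes from node 1.
# Trusting the header from any other source would let a client choose
# its own route (and its logged identity) by forging the header.
follow_x_forwarded_for allow node1_proxy
follow_x_forwarded_for deny all
# Make src ACLs and access.log use the address taken from the header.
acl_uses_indirect_client on
log_uses_indirect_client on
# Constructed client ranges, one group per ISP.
acl clients_isp1 src 10.0.1.0/24
acl clients_isp2 src 10.0.2.0/24
# Mark outgoing connections per client group; ip rule / iptables on
# node 2 can then map each mark to an ISP routing table.
tcp_outgoing_mark 0x1 clients_isp1
tcp_outgoing_mark 0x2 clients_isp2
# With acl_uses_indirect_client on, src ACLs in http_access also match
# the forwarded address, so access is granted by client range here.
http_access allow clients_isp1
http_access allow clients_isp2
http_access deny all
```

Because the http_access rules on node 2 match the forwarded address, reachability of its proxy port should additionally be limited to node 1 at the packet-filter level.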



