0

We are trying to forward the traffic of our virtual machine to Squid Proxy. When the requests are bumped by Squid Proxy and leave the proxy, all the requests' source IPs are changed from the client's IP to the Squid Proxy server's IP address.

Our requirement is to ensure the requests are ssl-bumped, but at the same time, we want the client IP to be preserved and not altered by Squid Proxy. Is there a way to add any tags in the config file (squid.conf) to prevent the client IP modification?

We need the client IP for evaluation of rules separately, and while we need to ssl-bump, we also need the client source IP as the outgoing request's signature.

2 Answers

0

Proxy servers work by accepting connections from clients and sending requests on behalf of the clients to destination servers.

The following happens at TCP level:

Client --> TCP connection --> Squid --> TCP Connection --> destination

Client opens the TCP connection to Squid using its own IP address. Squid opens the TCP connection to destination server using its own IP address.

This means that the TCP connections from the proxy server always have its own IP address. This is the fundamental operating mode of the TCP/IP protocol and one cannot work around it.

Tero Kilkanen
0

I think you want an X-Forwarded-For header... You then read the header on the next hop, and that header will contain the original IP address rather than the Squid server's. It's always going to replace the source with its own... But you can have it write the original as a header you can pull later. It's what you do with web proxies etc.
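
Reading the header on the next hop, as an added example that is not part of the original answer: because X-Forwarded-For is ordinary request text that any client can pre-fill, the next hop should honour it only when the TCP peer is the Squid host, and should read it from the right, where the proxy appended the address it actually saw. The proxy address `10.0.0.5`, the function name and the sample addresses are constructed assumptions, and the sketch assumes Squid is configured to add the header.

```python
import ipaddress

# Assumption: the Squid host's address as seen by the next hop (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(ip):
    """True if the address belongs to a proxy we operate."""
    return any(ip in net for net in TRUSTED_PROXIES)


def original_client_ip(peer_ip, xff_header):
    """Return the client IP the next hop should use for rule evaluation.

    peer_ip    -- source address of the TCP connection (Squid's own address
                  whenever traffic arrives through the proxy)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # The header is client-controlled text; honour it only when the TCP peer
    # is the proxy we operate.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)

    # Each proxy appends the address it received the request from, so the
    # right-most entries are the ones written by our own infrastructure.
    candidate = peer
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: stop at the last address we could verify
        candidate = hop
        if not _is_trusted(hop):
            break  # first address that is not one of our proxies
    return str(candidate)
```

Entries to the left of the returned address were supplied before the request reached the proxy and should not be used for access decisions.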