web sites know the “real” access user(IP) through a proxy?

Question

I'm new to Squid and iptables, and am investigating whether they would be able to

accomplish a task at hand. part of my squid.conf:

acl wf myport 8010
acl vp myport 8020
acl ss myport 8030

cache_peer IP1 parent 80 0 no-query originserver name=wflocal
cache_peer_access wflocal allow wf
cache_peer IP2 parent 80 0 no-query originserver name=vplocal
cache_peer_access vplocal allow vp
cache_peer IP3 parent 80 0 no-query originserver name=sslocal
cache_peer_access sslocal allow ss

cache_peer_access sslocal deny all
cache_peer_access vplocal deny all
cache_peer_access wflocal deny all

my squid ip is IP9

I need that the HTTP server IP1，IP2 and IP3 should logically

appear under a single URL hierarchy

like this :

    http  : // IP9:8010  

    http  : // IP9:8020 

    http  : // IP9:8030

all above is going well now

but the HTTP server access log can not know the "real" user IP and it just record ip of the accelerator(squid).what should I do to make the HTTP server IP1 , IP2 and IP3 record the "real" user IP.

Thanks for any insights on this!

Have you enabled [X-Forwarded-For](http://en.wikipedia.org/wiki/X-Forwarded-For) headers in Squid? — Andrew, Nov 18 '13 at 06:56

score 1 · Accepted Answer · answered Nov 18 '13 at 06:58

1

Your squid passes your real ip address in HTTP header. You can disable it in squid.conf by

forwarded_for off

answered Nov 18 '13 at 06:58

kofemann

4,626
1
25
30

squid.conf set forwarded_for = on and apache set X-Forwarded-For, then problem was solved – pangjiale Nov 18 '13 at 08:58

web sites know the “real” access user(IP) through a proxy?

1 Answers1