HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: X-Forwarded-For
PostPosted: 15 May 2007 13:30 
Offline

Joined: 15 May 2007 13:25
Posts: 1
Hello!

I want to use Havp--->Squid setup, but in squid logs appears only 127.0.0.1. In Havp i have:

FORWARDED_IP true
X_FORWARDED_FOR true


There is any option that I must put in squid.conf to "see" the real IPs?

Also I am planning to use ntlm authentication for squid, is it possible in this setup?

Thanks


Top
 Profile  
 
 Post subject:
PostPosted: 15 May 2007 14:14 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
configure --enable-follow-x-forwarded-for

follow_x_forwarded_for
log_uses_indirect_client

From squid.conf.default:

# TAG: follow_x_forwarded_for
# Note: This option is only available if Squid is rebuilt with the
# -DFOLLOW_X_FORWARDED_FOR option
#
# Allowing or Denying the X-Forwarded-For header to be followed to
# find the original source of a request.
#
# Requests may pass through a chain of several other proxies
# before reaching us. The X-Forwarded-For header will contain a
# comma-separated list of the IP addresses in the chain, with the
# rightmost address being the most recent.
#
# If a request reaches us from a source that is allowed by this
# configuration item, then we consult the X-Forwarded-For header
# to see where that host received the request from. If the
# X-Forwarded-For header contains multiple addresses, and if
# acl_uses_indirect_client is on, then we continue backtracking
# until we reach an address for which we are not allowed to
# follow the X-Forwarded-For header, or until we reach the first
# address in the list. (If acl_uses_indirect_client is off, then
# it's impossible to backtrack through more than one level of
# X-Forwarded-For addresses.)
#
# The end result of this process is an IP address that we will
# refer to as the indirect client address. This address may
# be treated as the client address for access control, delay
# pools and logging, depending on the acl_uses_indirect_client,
# delay_pool_uses_indirect_client and log_uses_indirect_client
# options.
#
# SECURITY CONSIDERATIONS:
#
# Any host for which we follow the X-Forwarded-For header
# can place incorrect information in the header, and Squid
# will use the incorrect information as if it were the
# source address of the request. This may enable remote
# hosts to bypass any access control restrictions that are
# based on the client's source addresses.
#
# For example:
#
# acl localhost src 127.0.0.1
# acl my_other_proxy srcdomain .proxy.example.com
# follow_x_forwarded_for allow localhost
# follow_x_forwarded_for allow my_other_proxy
#
#Default:
# follow_x_forwarded_for deny all


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group