Thank you for reply, It working with first squid as transparent proxy without any problem.
I've tried config from Zirafarafa, but there is one problem with it. It doesn't log as needed:
It logs only request from localnetwork to first squid(non caching) -> these will be always TCP_MISS
It omits logs from havp to second(caching squid) -> these can be HIT if stored in cache.
Also HAVP log will be non usable because all IP will be IP od first squid - i.e. 127.0.0.1
So is it possible to set:
squid:
Code:
#allow to see orig client IP in HAVP and caching squid logs
#use forwarded_for
forwarded_for on
#use only forwarder_for from our proxies
follow_x_forwarded_for allow localhost
#BUT don't use it for acls(I want them to remain same as in original cfg)
acl_uses_indirect_client off
#logging
#use IP from forwarded_for
log_uses_indirect_client on
#log request from havp (so request to caching squid will be logged)
log_access allow from_havp
#do not log any other request
log_access deny all
#I am not sure about this but anyway:
#clear forwarded_for header before requesting direct server (anonymous proxy)
header_access X-Forwarded-For deny from_havp
#also clear Via header field
header_access Via deny all
havp:
Code:
FORWARDED_IP true
X_FORWARDED_FOR true
With this config:
- I can see original IPs in havp log (when virus is found).
- I have to test if X-Forwarded-For is deleted (not validated yet)
- Strange thing, that there is almost NO HIT in my squid log - only MISS -> DIRECT
Is anything wrong with this configuration?
I am worry litle bit about "acl_uses_indirect_client off". I wanted to change IP only for logging purposes and leave acl as they are, but I am not pretty sure, if this IS really working as I suppose.
Thank You
Litin