Help with IP forwarder on squid

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Help with IP forwarder on squid

Juan Manuel Perrote-2
Hello we have a reverse proxy squid and on the backend a apache server
with anti DDOS software.

Any request on the apache comming from the same ip of the reverse proxy
because it is forwader to the apache backend.

We need that the apache server receip the original ip from client.

We try  the "forwarder_for on" directive at the top of squid.conf but
not result.


regards.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Help with IP forwarder on squid

Matus UHLAR - fantomas
On 28.08.19 07:59, jmperrote wrote:

>Hello we have a reverse proxy squid and on the backend a apache server
>with anti DDOS software.
>
>Any request on the apache comming from the same ip of the reverse
>proxy because it is forwader to the apache backend.
>
>We need that the apache server receip the original ip from client.
>
>We try  the "forwarder_for on" directive at the top of squid.conf but
>not result.

you must configure apache to accept that IP as the original IP.
I think it has mod_remoteip or something like that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watkins.  -- Daffy Duck & Porky Pig
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Help with IP forwarder on squid

Juan Manuel Perrote-2
Hello Matus thanks for the answer, but on the apache backend server we
just receip request from the reverse proxy, and we mounted software for
DDOS on the apache server, so we need to identified the ip from reverse
proxy for DDOS work.

regards.


El 28/8/19 a las 08:40, Matus UHLAR - fantomas escribió:

> On 28.08.19 07:59, jmperrote wrote:
>> Hello we have a reverse proxy squid and on the backend a apache
>> server with anti DDOS software.
>>
>> Any request on the apache comming from the same ip of the reverse
>> proxy because it is forwader to the apache backend.
>>
>> We need that the apache server receip the original ip from client.
>>
>> We try  the "forwarder_for on" directive at the top of squid.conf but
>> not result.
>
> you must configure apache to accept that IP as the original IP.
> I think it has mod_remoteip or something like that.
>
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Help with IP forwarder on squid

Matus UHLAR - fantomas
On 28.08.19 09:22, jmperrote wrote:
>Hello Matus thanks for the answer, but on the apache backend server we
>just receip request from the reverse proxy, and we mounted software
>for DDOS on the apache server, so we need to identified the ip from
>reverse proxy for DDOS work.

and this is eaxctly why I said you must configure apache to accept
X-Forwarder-For header from squid, so apache knows which real IP connects
from the outside.  And I said the proper module is mod_remoteip or something
similar.

However, yout anti-ddos software should connect to squid, not to apache. Or,
your squid server might be useless in that setup.

>El 28/8/19 a las 08:40, Matus UHLAR - fantomas escribió:
>>On 28.08.19 07:59, jmperrote wrote:
>>>Hello we have a reverse proxy squid and on the backend a apache
>>>server with anti DDOS software.
>>>
>>>Any request on the apache comming from the same ip of the reverse
>>>proxy because it is forwader to the apache backend.
>>>
>>>We need that the apache server receip the original ip from client.
>>>
>>>We try  the "forwarder_for on" directive at the top of squid.conf
>>>but not result.
>>
>>you must configure apache to accept that IP as the original IP.
>>I think it has mod_remoteip or something like that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users