Re: squid-users Digest, Vol 70, Issue 27

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 70, Issue 27

Monika Avalur
Hello Amos,

Thank you so much for your reply.

So my use case is, in my application I have a switch which when turned ON, reads the client IP address from the header I configured in the application (i.e. X-Forwarded-For in Squid) and based on it some rules are triggered.

If the switch is turned off, it uses proxy IP and based on it some other set of rules are triggered.

I want to establish this scenario using Squid proxy. But not sure whether Squid is sending the header.

Thanks,
Monika



On Sun, Jun 21, 2020 at 5:30 PM <[hidden email]> wrote:
Send squid-users mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Fwd: HTTP X-FORWARDED HEADER (Monika Avalur)
   2. Re: Fwd: HTTP X-FORWARDED HEADER (Amos Jeffries)
   3. Re: Fwd: HTTP X-FORWARDED HEADER (Amos Jeffries)


----------------------------------------------------------------------

Message: 1
Date: Sun, 21 Jun 2020 15:57:21 +0530
From: Monika Avalur <[hidden email]>
To: [hidden email]
Subject: [squid-users] Fwd: HTTP X-FORWARDED HEADER
Message-ID:
        <CA+vZrw=[hidden email]>
Content-Type: text/plain; charset="utf-8"

Hello,

I am using squid proxy to test some application in my company.

I have a use cases where I need to use the X-Forwarded-For header from
squid proxy

I tried by editing the squid configuration file and including

acl localhost src 127.0.0.1

 forwarded_for on
follow_x_forwarded_for allow localhost

But still I am unable to see the HTTP header in chrome.

While I looked up the documentation, it said requires
--enable-follow-x-forwarded-for.

Can some one tell me how can I enable it?

It's sort of urgent.

Thanks & Best Regards,
Monika
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200621/eb7fa2ac/attachment-0001.html>

------------------------------

Message: 2
Date: Sun, 21 Jun 2020 22:40:26 +1200
From: Amos Jeffries <[hidden email]>
To: [hidden email]
Subject: Re: [squid-users] Fwd: HTTP X-FORWARDED HEADER
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

On 21/06/20 10:27 pm, Monika Avalur wrote:
> Hello,
>
> I am using squid proxy to test some application in my company.
>
> I have a use cases where I need to use the X-Forwarded-For header from
> squid proxy 
>
> I tried by editing the squid configuration file and including
>
> acl localhost src 127.0.0.1
>
>  forwarded_for on

Enables the header to be sent to servers. Only relevant on intercepted
traffic.


> follow_x_forwarded_for allow localhost
>

Processes headers *received* from client.


> But still I am unable to see the HTTP header in chrome.

This is a header sent to *servers*. Browser will never see it.

>
> While I looked up the documentation, it said requires
> --enable-follow-x-forwarded-for.
>
> Can some one tell me how can I enable it?> It's sort of urgent.
>

What use exactly are you needing to use this header for?


Amos


------------------------------

Message: 3
Date: Sun, 21 Jun 2020 23:08:43 +1200
From: Amos Jeffries <[hidden email]>
To: [hidden email]
Subject: Re: [squid-users] Fwd: HTTP X-FORWARDED HEADER
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

On 21/06/20 10:40 pm, Amos Jeffries wrote:
> On 21/06/20 10:27 pm, Monika Avalur wrote:
>> Hello,
>>
>> I am using squid proxy to test some application in my company.
>>
>> I have a use cases where I need to use the X-Forwarded-For header from
>> squid proxy 
>>
>> I tried by editing the squid configuration file and including
>>
>> acl localhost src 127.0.0.1
>>
>>  forwarded_for on
>
> Enables the header to be sent to servers. Only relevant on intercepted
> traffic.

Sorry *indirect* traffic.


Amos


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


------------------------------

End of squid-users Digest, Vol 70, Issue 27
*******************************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 70, Issue 27

Amos Jeffries
Administrator
On 22/06/20 1:24 am, Monika Avalur wrote:
> Hello Amos,
>
> Thank you so much for your reply.
>
> So my use case is, in my application I have a switch which when turned
> ON, reads the client IP address from the header I configured in the
> application (i.e. X-Forwarded-For in Squid) and based on it some rules
> are triggered.
>

You do not have to configure anything to *send* the XFF header. That is
the default behaviour. Config is only needed to receive it from clients,
and to manipulate it.


> If the switch is turned off, it uses proxy IP and based on it some other
> set of rules are triggered.
>
> I want to establish this scenario using Squid proxy. But not sure
> whether Squid is sending the header.

To see what HTTP headers Squid is sending you can configure
"debug_options 11,2" and look for "HTTP server REQUEST" in cache.log



You may want to look into the standard "Forwarded" header for a better
long-term solution. <https://tools.ietf.org/html/rfc7239>

Currently that will need a bit of configuration for Squid to send, but
easily done:
  request_header_add Forwarded "for=%>a" all


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users