Re: [squid-users] Pass the IP?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 01 May 2009 16:43:20 +1200

detariael_at_aol.com wrote:
> Hi everyone,
>
> I was talking to my ISP admin another day. We have our network
> configured in a way that we get external public IP for everyone for
> every port except for port 80, because he's got Squid set there to cache
> the pages and speed it up. He says we can't get public IP's on port 80,
> because all the traffic goes through Squid and it changes the IP.
>
> Is there a way to configure Squid that:
> 1.) it still works as a cache;
> 2.) it won't change the IP of the user as he surfs the page.
>
> If so, I'd be glad if someone could point it out, so I could forward it
> to my admin. I just hate going to sites and seeing that my IP is in some
> blacklist due to someone in my network doing some bad things (or rather,
> some malicious software doing it for them without them even knowing). I
> already have public IP - please help me get it on port 80 as well.

The easy way:
  Get your admin to enable Via and X-Forwarded-For headers. Most
blacklists I know of use them to determine the true IP behind a proxy.
  http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls

The hard way:
   Tproxy IP address spoofing.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Fri May 01 2009 - 04:43:26 MDT

This archive was generated by hypermail 2.2.0 : Fri May 01 2009 - 12:00:02 MDT