Answer the question
In order to leave comments, you need to log in
I
I
Ivan Semenov2017-08-17 07:31:02
Ivan Semenov, 2017-08-17 07:31:02
How to pass headers from dansguardian to squid?
Good afternoon!
On one machine there is a dansguardian (content filter), its ip 195.54.14.66 and port 8081, after it passes traffic through itself, it sends it to squid, ip 195.54.14.65 and port 8080. everything seems to be working fine, but there was a problem in the squid logs only ip 195.54.14.66 appears, as a result of which the classes for which this filter is intended now go to the Internet through authorization but must without it, since ip addresses are registered on squid and which must go without authorization. But since dansguardian does not transmit the ip of computers, an authorization window pops up in the browser.
On one site I dug up instructions on how to fix this, only there it is for the option when dansguardian is installed directly on the machine where squid itself is:
In theforwardedfor = on
Dansguardian configuration file /etc/dansguardian/dansguardian.conf find and change the option to:follow_x_forwarded_for allow localhost
X-Forwarded-For headers, and Squid handles them.
But this is for localhost, and how to make squid accept headers from outside, here is what is in squid.conf:
For example:
#
# acl localhost src 127.0.0.1
# acl my_other_proxy srcdomain .proxy.example.com
# follow_x_forwarded_for allow localhost
# follow_x_forwarded_for allow my_other_proxy
#
#Default:
follow_x_forwarded_for allow localhost
follow_x_forwarded_for deny allAt the moment it is.
1 answer(s)
@kokman_semenov
Here is what is written in my version:
Based on this information, I understand that this option is not supported in my version.
I
Ivan Semenov, 2017-08-17 @kokman_semenov
Basically, I'm answering my own question.
Here is the link: www.squid-cache.org/Doc/config/follow_x_forwarded_for You can see if the follow_x_forwarded_for option is present in one or another version of the squid, and if so, how to enable it.
Based on my data, my version of the squid and its parameters are:
squid -v
Squid Cache: Version 2.7.STABLE9
configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd null' '--enable-delay-pools' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish Ukrainian-1251 Ukrainian-koi8-u Ukrainian-utf8' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd9.2' 'build_alias=amd64-portbld-freebsd9.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS=' 'LIBS=' 'CPPFLAGS=' 'CPP=cpp'Here is what is written in my version:
Option Name: follow_x_forwarded_for
Replaces:
Requires: FOLLOW_X_FORWARDED_FOR
Default Value: noneBased on this information, I understand that this option is not supported in my version.
Similar questions
T
R
W
S
M
Maxim2015-11-16 10:54:57
How to set up transparent proxying in sqiud using SSL Peek and Splice?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question