Squid name-based virtual hosts + preserve host - squid

This is a discussion on Squid name-based virtual hosts + preserve host - squid ; Hi guys, I am planning to setup squid on a nat gateway. Is it possible to do name based virtual hosting on the gateway, while passing the external clients ip to the internal webserver ? I know this is possible ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Squid name-based virtual hosts + preserve host

  1. Squid name-based virtual hosts + preserve host

    Hi guys,
    I am planning to setup squid on a nat gateway.
    Is it possible to do name based virtual hosting on the gateway, while
    passing the external clients ip to the internal webserver ?
    I know this is possible with apache2 using the ProxyPreserveHost directive.

    thanks in advance



  2. Re: Squid name-based virtual hosts + preserve host

    You need to configure the webserver to log instead of the ip of the
    requester (squid), the ip that squid says "X-Forwarded-For"

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b " squid

    In your apache2.conf or apache configuration file does the trick. You
    can edit it how you like, the important part is the %{X-Forwarded-For}i
    .. That logs the ip that squid received the request from.

    You may also have to set
    "forwarded_for on"
    in your squid.conf file. I don't know as I haven't extensively played
    around with that.


    Johnny G wrote:
    > Hi guys,
    > I am planning to setup squid on a nat gateway.
    > Is it possible to do name based virtual hosting on the gateway, while
    > passing the external clients ip to the internal webserver ?
    > I know this is possible with apache2 using the ProxyPreserveHost directive.
    >
    > thanks in advance



  3. Re: Squid name-based virtual hosts + preserve host

    Thanks for your reply, was useful. I didnt know about the x-forwarded-for
    header, wich can also be used in php, perl, etc.
    I would like to know however, if these headers are as safe as the others,
    and if squid blocks by default x-forwarded-for headers coming from the
    outside, to avoid forgeries. Otherwise all ip-based access controls behind
    the proxy would become useless.



    ha scritto nel messaggio
    news:1130444504.518902.278550@g44g2000cwa.googlegr oups.com...
    > You need to configure the webserver to log instead of the ip of the
    > requester (squid), the ip that squid says "X-Forwarded-For"
    >
    > LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b " squid
    >
    > In your apache2.conf or apache configuration file does the trick. You
    > can edit it how you like, the important part is the %{X-Forwarded-For}i
    > . That logs the ip that squid received the request from.
    >
    > You may also have to set
    > "forwarded_for on"
    > in your squid.conf file. I don't know as I haven't extensively played
    > around with that.
    >
    >
    > Johnny G wrote:
    > > Hi guys,
    > > I am planning to setup squid on a nat gateway.
    > > Is it possible to do name based virtual hosting on the gateway, while
    > > passing the external clients ip to the internal webserver ?
    > > I know this is possible with apache2 using the ProxyPreserveHost

    directive.
    > >
    > > thanks in advance

    >




+ Reply to Thread