RE: by-pass requests?

From: Armistead, Jason <ARMISTEJ@dont-contact.us>
Date: Thu, 04 Dec 1997 18:08:00 -0500

>From: Harald Falkenberg[SMTP:hfalken@x4u2.desy.de]
>Sent: Friday, 5 December 1997 2:44
>To: squid-users@nlanr.net
>Subject: by-pass requests?
>
>I have the problem that there are some protected pages on our web server,
>which check the IP address mask of the client machine to differ between
>requests coming from inside or outside our domain.
>
>Our cache server is accessible for people inside and outside our domain.

Hmmm, why would you want people outside your domain to access your cache
server. That's kinda like giving them something for free. They should
use their own cache, or their ISP's one instead !!!
>
>So requests coming from people outside our domain, using our cache server,
>become inside requests and passes the IP address check.

Your web server should either reject your Squid server (not very
practical or useful if you're using it as an accelerator) or check if
there are either of the two Proxy headers (as shown below), and then do
the IP address check (page access validation check) based on the
headers. On my system, they look like this:

WWW_HTTP_VIA = "1.0 OZM06:8080 (Squid/1.1.11)"
WWW_HTTP_X_FORWARDED_FOR = "153.14.7.124"

You might have to hack the Web server you're using though, to get it
working right, since most web servers protection mechanisms look only at
the IP source address, and not the proxy headers.
>
>Is there any way to configure squid, so that request from certain
>hosts/domains to certain web servers by-pass squid as they would come
>directly from the client?

No, if the socket originates at your Squid server, the web server sees
it as coming from your Squid server. That's a fact of TCP/P life.

Cheers

Jason
Received on Thu Dec 04 1997 - 15:17:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:50 MST