Re: [squid-users] Wrong IP number inserted into Forwarded-For header

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 1 May 2002 20:51:26 +0200

On Wednesday 01 May 2002 19:21, Richard Barrett wrote:
> I am embarrassed to say that I've discovered the cause of my
> problem and it looks to be a mainly non-Squid problem.

Thanks for letting us know.

> But in one respect I'm not entirely sure that Squid's hands are
> clean in this matter. In some instances, the requests pushed done
> the same connection by Squid seem to be incompatible. In
> particular, some requests containing no user authentication and
> others that do seem to be made down a common connection by Squid. I
> do not believe Squid should do this. If I understand correctly,
> some of the information associated with authentication is lodged in
> the Apache connection record rather than the request record and I
> presume that connection sharing by Squid might thus lead to
> problems similar to those I have experienced. I've not tried to
> prove this. I'm just hypothesising.

The HTTP specification is quite clear on this.. Authentication and
user information is a per-request property, not a property of the TCP
connection.

A server erroneously assigning per-user properties to the connection
will fail in precense of proxies, similar to how your X-Forwarded-For
log module failed.

Regards
Henrik
Received on Wed May 01 2002 - 13:34:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:52 MST