Re: [squid-users] Squid 3.1.x and Kemp loadbalancer.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 21 Jun 2012 13:44:20 +1200

On 20.06.2012 22:40, Josef Karliak wrote:
> Hi there,
> we use Kemp loadbalancer for balancing proxy (active-backup). All
> users has set IP of kemp loadbalancer. But in the squid access_log is
> IP of the loadbalancer, I want there an IP of the user that is
> accessing the web pages (we use webalizer for analyzing top browsing
> users).
> My logformat defined in squid.conf:
> logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0000}tl] \
> "%rm %ru HTTP/%rv" >Hs %<st "%{Referer}>h" "%{User-Agent}>h"
> %Ss:%Sh
>
> Do I've some bad variable in the logformat ?

Your format is accurate.

The kemp load balancer apparently operates in one of two ways:

  layer 4, using NAT alteration of packets before delivery to the Squid
box. The real clients addresses are gone. There is no recovery possible.

  layer 7, using a proxy which itself makes HTTP requests through Squid.
So it is the one and only *client* to Squid. It *might* be able to set
X-Forwarded-For headers and inform Squid about the clients original IP
address. If so configure:

   acl kemp src ... IP of kemp load balancer(s)
   follow_x_forwarded_for allow kempID
   follow_x_forwarded_for deny all

NOTE: You have the alternative option of active-passive load balancing
in a PAC file which is performed directly in the client browser.

Amos
Received on Thu Jun 21 2012 - 01:44:26 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 21 2012 - 12:00:03 MDT