You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Mauricio Lara (NOVA)" <ml...@novadevices.com> on 2004/07/24 00:01:54 UTC
[users@httpd] Mod_Proxy with Squid
Hi folks
I have a big problem, I have mod_proxy and squid proxy on my network because I need mod_clamav
virus checking
I have this config
Listen 8080
ProxyRequests On
ProxyVia on
ProxyPreserveHost On
ProxyRemote * http://192.168.1.1:3128
ClamavMode local
ClamavTmpdir /var/tmp/clamav
ClamavDbdir /home/clamav/share/clamav
Include /home/etc/httpd/safepatterns.conf
ClamavSizelimit 100000
ClamavReloadInterval 3600
<Proxy *>
Order Deny,Allow
SetOutputFilter CLAMAV
</Proxy>
<Location /clamav>
SetHandler clamav
</Location>
You note that I use ProxyRemote to send traffic to my squid server the problem is that
my squid server receives something like
090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
Where 192.168.1.2 is ip address from my web server but not my client ip address (192.168.1.32) then I lose every squid
config like control access because my client ip was masquerade to server ip (192.168.1.2). You note in my config file
I have ProxyPreserveHost On but doesnt work and my Client host ip always is changed.
Please help me
Mauricio
Re: [users@httpd] Mod_Proxy with Squid
Posted by "Mauricio Lara (NOVA)" <ml...@novadevices.com>.
Thanks Bruno, My squid receives clients requests and pass it all to an
apache and works fine.
Thanks again Bruno
Mauricio
----- Original Message -----
From: "Bruno Marcondes" <bm...@gmail.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, July 27, 2004 17:52
Subject: Re: [users@httpd] Mod_Proxy with Squid
> Mauricio,
>
> mod_proxy wont be able to spoof your client ips, you would need to
> hack it (and the kernel) to make it work.
> You may switch the order of your "proxy" .
> Squid receive your clients requests and pass it all to an apache ( web
> accelerator) with mod_proxy and mod_clamav . This way you keep your
> control access on squid (but loses on apache) , is a trade off you
> cant avoid without spoofing ,
>
> []'s
>
>
> ----- Original Message -----
> From: Mauricio Lara (NOVA) <ml...@novadevices.com>
> Date: Fri, 23 Jul 2004 17:01:54 -0500
> Subject: [users@httpd] Mod_Proxy with Squid
> To: users@httpd.apache.org
>
>
> Hi folks
>
> I have a big problem, I have mod_proxy and squid proxy on my network
> because I need mod_clamav
> virus checking
>
> I have this config
>
> Listen 8080
> ProxyRequests On
> ProxyVia on
> ProxyPreserveHost On
> ProxyRemote * http://192.168.1.1:3128
> ClamavMode local
> ClamavTmpdir /var/tmp/clamav
> ClamavDbdir /home/clamav/share/clamav
> Include /home/etc/httpd/safepatterns.conf
> ClamavSizelimit 100000
> ClamavReloadInterval 3600
> <Proxy *>
> Order Deny,Allow
> SetOutputFilter CLAMAV
> </Proxy>
> <Location /clamav>
> SetHandler clamav
> </Location>
>
>
> You note that I use ProxyRemote to send traffic to my squid server the
> problem is that
> my squid server receives something like
>
>
>
> 090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET
> http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
>
> Where 192.168.1.2 is ip address from my web server but not my client
> ip address (192.168.1.32) then I lose every squid
> config like control access because my client ip was masquerade to
> server ip (192.168.1.2). You note in my config file
> I have ProxyPreserveHost On but doesnt work and my Client host ip
> always is changed.
>
> Please help me
>
> Mauricio
>
>
>
>
>
>
>
> --
> "If you really want something in this life, you have to work for it.
> Now, quiet! They're about to announce the lottery numbers..."
> - Homer Simpson
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mod_Proxy with Squid
Posted by Bruno Marcondes <bm...@gmail.com>.
Mauricio,
mod_proxy wont be able to spoof your client ips, you would need to
hack it (and the kernel) to make it work.
You may switch the order of your "proxy" .
Squid receive your clients requests and pass it all to an apache ( web
accelerator) with mod_proxy and mod_clamav . This way you keep your
control access on squid (but loses on apache) , is a trade off you
cant avoid without spoofing ,
[]'s
----- Original Message -----
From: Mauricio Lara (NOVA) <ml...@novadevices.com>
Date: Fri, 23 Jul 2004 17:01:54 -0500
Subject: [users@httpd] Mod_Proxy with Squid
To: users@httpd.apache.org
Hi folks
I have a big problem, I have mod_proxy and squid proxy on my network
because I need mod_clamav
virus checking
I have this config
Listen 8080
ProxyRequests On
ProxyVia on
ProxyPreserveHost On
ProxyRemote * http://192.168.1.1:3128
ClamavMode local
ClamavTmpdir /var/tmp/clamav
ClamavDbdir /home/clamav/share/clamav
Include /home/etc/httpd/safepatterns.conf
ClamavSizelimit 100000
ClamavReloadInterval 3600
<Proxy *>
Order Deny,Allow
SetOutputFilter CLAMAV
</Proxy>
<Location /clamav>
SetHandler clamav
</Location>
You note that I use ProxyRemote to send traffic to my squid server the
problem is that
my squid server receives something like
090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET
http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
Where 192.168.1.2 is ip address from my web server but not my client
ip address (192.168.1.32) then I lose every squid
config like control access because my client ip was masquerade to
server ip (192.168.1.2). You note in my config file
I have ProxyPreserveHost On but doesnt work and my Client host ip
always is changed.
Please help me
Mauricio
--
"If you really want something in this life, you have to work for it.
Now, quiet! They're about to announce the lottery numbers..."
- Homer Simpson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org