You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Mauricio Lara (NOVA)" <ml...@novadevices.com> on 2004/07/24 00:01:54 UTC

[users@httpd] Mod_Proxy with Squid

Hi folks

I have a big problem, I have mod_proxy and squid proxy on my network because I need mod_clamav
virus checking

I have this config

Listen 8080 
ProxyRequests On 
ProxyVia on
ProxyPreserveHost On 
ProxyRemote * http://192.168.1.1:3128 
ClamavMode local 
ClamavTmpdir /var/tmp/clamav 
ClamavDbdir /home/clamav/share/clamav 
Include /home/etc/httpd/safepatterns.conf 
ClamavSizelimit 100000 
ClamavReloadInterval 3600 
<Proxy *>  
Order Deny,Allow 
SetOutputFilter CLAMAV 
</Proxy>  
<Location /clamav>  
SetHandler clamav  
</Location>  


You note that I use ProxyRemote to send traffic to my squid server the problem is that
my squid server receives something like

090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html


Where 192.168.1.2 is ip address from my web server but not my client ip address (192.168.1.32)  then I lose every squid
config like control access because my client ip was masquerade to server ip (192.168.1.2). You note in my config file
I have ProxyPreserveHost On  but doesnt work and my Client host ip always is changed.

Please help me

Mauricio

Re: [users@httpd] Mod_Proxy with Squid

Posted by "Mauricio Lara (NOVA)" <ml...@novadevices.com>.

Thanks Bruno, My squid receives clients requests and pass it all to an
apache and works fine.

Thanks again Bruno


Mauricio




----- Original Message -----
From: "Bruno Marcondes" <bm...@gmail.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, July 27, 2004 17:52
Subject: Re: [users@httpd] Mod_Proxy with Squid


> Mauricio,
>
> mod_proxy wont be able to spoof your client ips, you would need to
> hack it (and the kernel) to make it work.
> You may switch the order of your "proxy" .
> Squid receive your clients requests and pass it all to an apache ( web
> accelerator)  with mod_proxy and mod_clamav . This way you keep your
> control access on squid (but loses on apache) , is a trade off you
> cant avoid without spoofing ,
>
> []'s
>
>
> ----- Original Message -----
> From: Mauricio Lara (NOVA) <ml...@novadevices.com>
> Date: Fri, 23 Jul 2004 17:01:54 -0500
> Subject: [users@httpd] Mod_Proxy with Squid
> To: users@httpd.apache.org
>
>
> Hi folks
>
> I have a big problem, I have mod_proxy and squid proxy on my network
> because I need mod_clamav
> virus checking
>
> I have this config
>
> Listen 8080
> ProxyRequests On
> ProxyVia on
> ProxyPreserveHost On
> ProxyRemote * http://192.168.1.1:3128
> ClamavMode local
> ClamavTmpdir /var/tmp/clamav
> ClamavDbdir /home/clamav/share/clamav
> Include /home/etc/httpd/safepatterns.conf
> ClamavSizelimit 100000
> ClamavReloadInterval 3600
> <Proxy *>
> Order Deny,Allow
> SetOutputFilter CLAMAV
> </Proxy>
> <Location /clamav>
> SetHandler clamav
> </Location>
>
>
> You note that I use ProxyRemote to send traffic to my squid server the
> problem is that
> my squid server receives something like
>
>
>
> 090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET
> http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
>
> Where 192.168.1.2 is ip address from my web server but not my client
> ip address (192.168.1.32)  then I lose every squid
> config like control access because my client ip was masquerade to
> server ip (192.168.1.2). You note in my config file
> I have ProxyPreserveHost On  but doesnt work and my Client host ip
> always is changed.
>
> Please help me
>
> Mauricio
>
>
>
>
>
>
>
> --
> "If you really want something in this life, you have to work for it.
> Now, quiet! They're about to announce the lottery numbers..."
> - Homer Simpson
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Mod_Proxy with Squid

Posted by Bruno Marcondes <bm...@gmail.com>.

Mauricio,

mod_proxy wont be able to spoof your client ips, you would need to
hack it (and the kernel) to make it work.
You may switch the order of your "proxy" .
Squid receive your clients requests and pass it all to an apache ( web
accelerator)  with mod_proxy and mod_clamav . This way you keep your
control access on squid (but loses on apache) , is a trade off you
cant avoid without spoofing ,

[]'s


----- Original Message -----
From: Mauricio Lara (NOVA) <ml...@novadevices.com>
Date: Fri, 23 Jul 2004 17:01:54 -0500
Subject: [users@httpd] Mod_Proxy with Squid
To: users@httpd.apache.org

 
Hi folks 
  
I have a big problem, I have mod_proxy and squid proxy on my network
because I need mod_clamav
virus checking 
  
I have this config 
  
Listen 8080 
ProxyRequests On 
ProxyVia on
ProxyPreserveHost On 
ProxyRemote * http://192.168.1.1:3128 
ClamavMode local 
ClamavTmpdir /var/tmp/clamav 
ClamavDbdir /home/clamav/share/clamav 
Include /home/etc/httpd/safepatterns.conf 
ClamavSizelimit 100000 
ClamavReloadInterval 3600 
<Proxy *>  
Order Deny,Allow 
SetOutputFilter CLAMAV 
</Proxy>  
<Location /clamav>  
SetHandler clamav  
</Location>  
 
  
You note that I use ProxyRemote to send traffic to my squid server the
problem is that
my squid server receives something like 
  
 

090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET
http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
  
Where 192.168.1.2 is ip address from my web server but not my client
ip address (192.168.1.32)  then I lose every squid
config like control access because my client ip was masquerade to
server ip (192.168.1.2). You note in my config file
I have ProxyPreserveHost On  but doesnt work and my Client host ip
always is changed.
  
Please help me 
  
Mauricio 
  
  
  
  



-- 
"If you really want something in this life, you have to work for it.
Now, quiet! They're about to announce the lottery numbers..."
- Homer Simpson

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org