[squid-users] Supported configuration for adding origin server IP in response header

Darren Spruell phatbuckett at gmail.com
Thu Oct 16 20:29:23 UTC 2014 

On Thu, Oct 16, 2014 at 12:40 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 17/10/2014 8:10 a.m., Darren Spruell wrote:
>> Had a use case to ask about, apologies if I missed in docs. Is
>> there a configuration that allows squid running as forward proxy to
>> add a custom response header containing the origin server IP
>> address that served the resource? Assuming no cache hierarchy.
>>
>> In the event that the resource is served from cache, would be
>> interesting if squid were able to track the IP address from which
>> the cached resource was originally retrieved to include in
>> responses. In the event that's not possible, then the IP address of
>> the cache itself as well as an indication that the resource was
>> served from cache rather than an upstream origin.
>>
>> Most resources seem to cover including this information in the
>> access log, however I'm interested in having the data in the HTTP
>> response for this case.
>>
>
> IP address is not much useful in the response - any given machine has
> multiple of those and they are also shared between anycast servers or
> load balancers.

Usefulness (utility) is in the eye of the beholder. :)

> It is also a mistake to think of "the" server as being one machine. It
> is becomming extremely popular to use CDN services these days. CDN are
> reverse-proxy services in one form or another. So "the" server may be
> a chain of servers on some path through a server farm.

In my case, those abstractions are not significant. The goal is
determining, for a client behind a forward proxy, can the proxy simply
inform the client of the IP address to which the proxy connected to
fetch the resource? The IP address is the key data element for this
case. Even with a CDN the IP address of the frontend is fine.

> 1) The Via header is closest to what you are seeking. In responses it
> contains each servers FQDN or an unique alias. It is supposed to
> contain a record of the whole chain of machines the message traversed.
>  - The problem is that a lot of admin disable it or strip it out of
> the traffic. So you may get a proper chain or only what your proxy is
> adding, with no easy way to identify missing chain data.

I view the Via header as similar to the Received header in SMTP. In
this case it's added by other proxies/caches, correct? But I have no
cache hierarchy, and simply need the IP address of the origin server.
Squid knows what it is, because it opens a socket to it. It can filter
it with ACLs. It can log it in the access log.

Can it add it into a response header?

DS

More information about the squid-users mailing list