[squid-users] Redirecting traffic to fake parent

Sebastian Goicochea sebag at vianetcon.com.ar
Wed Mar 4 15:35:29 UTC 2015 

The problem is that I'm using Squid 2.7 (I know how behind I am), and I 
need to use the referrer of certain requests and give those url + 
referer to a rewriter program (Posible in v 3.5 as far as I know). So in 
order to achieve this using 2.7 I redirect the traffic to a fake node.js 
proxy, extract what I need, store it on a DB and then the rewriter con 
make a query there and make the proper rewrite. I have that working 
already, but I don't know how to mantain the original IP of the client 
making the request to the very end of the transaction so to the outside 
world it doesn't look that all the requests come from the same client.


Thanks
Sebastian


El 03/03/15 a las 23:32, Amos Jeffries escribió:
> On 4/03/2015 9:35 a.m., Sebastian Goicochea wrote:
>> Hello everyone, I'm experimenting with cache_peer directive and node.js:
>>
>> cache_peer 10.0.0.90 parent 8888 0 no-query no-digest proxy-only name=test
>>
>> in that port I have a node.js Proxy receiveing connections in the same
>> host, it extracts some information I need and saves it to a DB, then
>> redirects Squid with a 302 response with some garbage added to the url.
>> I use that garbage to match an access list so I can prevent looping.
>>
>> Squid is working in transparent mode, the problem I'm facing is that if
>> I don't configure a tcp_outgoing_address Squid does not reach port 8888
>> on localhost. If I set a tcp_outgoing_address Squid can reach
>> localhost:8888 but with his own IP address and I need it to be
>> transparent, I need the real client IP address.
> Why? what is all this for?
>
> HTTP is designed to operate just fine without forging client IPs on
> proxy outgoing traffic. Some web applications are seriously broken, but
> since its on your localhost you obviously are in a great position to fix
> this one.
>
>
> also, it sounds to me like you are using all this complex 4-party
> interaction to replicate something that an ICAP/eCAP service does much
> faster and simpler. Or perhapse you are trying to implement Squids
> StoreID feature using layers of proxies.
>
>
>> Is there a way to configure tcp_outgoing_address to use the client's IP
>> when fetching something?
> No. You can only bind to IP addresses which have been assigned to the
> machine Squid is running on. Lookup the "triangular routing" problem if
> you want all the gory details.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list