Bernd Hilmar wrote:
> we have IP-based virtual Hosts, and I configured squid as recommended,
> running on port 80 and set all the hosts on port 81.
I strongly disagree with this setup. Apache should run on port 80, and
Squid on port 80. Using a mixed port setup only asks for trouble.
How:
Bind apache to localhost (127.0.0.1), and Squid to the official IP
address.
> The problem is, that every environment variable, and also the logfiles are
> showing only one remote IP Adress, and this one is the originally from the
> machine, and not from the remote clients.
One approach, which is very suitful for accelerators, is to change the
logging to log X-Forwarded-For instead of the client IP address.
Work is also being made at the network level in this area, to allow both
an accelerator and a proxy to transparently provide (use) the clients IP
address. It requires support from the TCP/IP implementation of the host
where Squid is running, some small changes to Squid, and a network setup
which can support it.
> Also requesting a protected directory defined in the access.conf the
> dialog box comes up twice, first the usual dialog for authentication,
> and then for port 81.
You are probably seeing a redirect, moving the client to port 81
(bypassing the accelerator). Redirects are seen when asking for a
directory without a trailing / and a number of other occations.
> Is there any way to configure squid that in my apache logs and in the
> enviroment variables the original IP Adress from the remote client is
> shown, and that the authentication is only used once?
Yes. See above. It has not so much with Squid configuration to do, more
of an issue of how to set up an accelerator environment.
-- Henrik Nordstrom Spare time Squid hackerReceived on Tue Apr 20 1999 - 07:11:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:53 MST