logging the real IP, ACls

From: Miguel A.L. Paraz <map@dont-contact.us>
Date: Tue, 18 Feb 1997 03:03:37 -0800 (GMT+8)

Hi,

ricky wrote:
 
> This is a very simple problem that I know I should have solved by now but I
> am still stuck and am wondering anyone out there with a solution.
>
> 1) I am having trouble getting access_log for apache to store the correct
> remote_host/IP_host for users using the cache server (it just uses
> the cache servers IP address). This happens even though I have defined
> local domain AND cache_stoplist to aviod local caching.
> local caching isn't a problem it doesn't do it.. just the logged data
> for apache is wrong.

As long as Squid is the one accessing the sites, its IP address will always
be logged. You'll have to define this in the user's browser, e.g.
in the "No proxy" section.

Or, you could let Apache log the X-Forwarded-For header. Use
the mod_log_config to do this. However, that header can easily be forged!

> 2) Say thereis a remote site which is malicious and uses my cache server
> to fill it up with rubbish. How do I stop certain domains from using
> the cache server.

Read up on ACLs... though your very own users can do that just as well... :)

-- 
miguel a.l. paraz  <map@iphil.net>              |  pgp key id: 0x43F0D011
iphil communications, makati city, philippines  |  <http://www.iphil.net> 
Received on Mon Feb 17 1997 - 11:24:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:29 MST