Hermidio A. Rodriguez Chavez escribió:
> Jenny Cabrera Varona escribió:
>
>> si hago eso el squid me muestra todas las conexines como que las esta
>> haciendo el mismo server en esa direccion o sea una peticion hecha a
>> http://www,google.com.cu estaria hecha por el mismo server, o sea que no
>> me permite ver quien esta haciendo realmente las peticiones, pero ya te
>> digo, eso es solo en los logs del squid, porque el dansguardian si me da
>> los reportes correctos ok, mi unico problema al poner al squid a
>> escuchar por 127.0.0.1:3128 son los delay pool, porque los logs los veo
>> por el dansguardian sin problemas ....
>>
>> =========================================
>> Sistema de Correos
>> Nodo Geominera Camaguey
>> Mensaje Analizado con AVG Antivirus
>> =========================================
>>
>>
>> _______________________________________________
>> Cancelar suscripción
>> https://listas.softwarelibre.cu/mailman/listinfo/linux-l
>> Buscar en el archivo
>> http://listas.softwarelibre.cu/buscar/linux-l
>>
>>
>>
> Te repito si tu squid solo te muetsra la ip del servidor que tiene el
> filtro nunca te van a funcionar las delay pools a menos que se las
> apliques a ese servidor.
>
> Saludos
>
> Hermidio
>
>
> _______________________________________________
> Cancelar suscripción
> https://listas.softwarelibre.cu/mailman/listinfo/linux-l
> Buscar en el archivo
> http://listas.softwarelibre.cu/buscar/linux-l
>
>
necesitas un parche para squid para que el dansguardian que tiene una
opción de forwardear las ip de los usuarios cuando se conectan al squid
y así este no se afectaría por el problema que tienes, necesitas poner
ese parche y compilar squid con la opción: X-Forwarded-For,
# TAG: forwarded_for on|off
# If set, Squid will include your system's IP address or name
# in the HTTP requests it forwards. By default it looks like
# this:
#
# X-Forwarded-For: 192.1.2.3
#
# If you disable this, it will appear as
#
# X-Forwarded-For: unknown
#
#Default:
# forwarded_for on
# TAG: forward_log
# Note: This option is only available if Squid is rebuilt with the
# -DWIP_FWD_LOG option
#
# Logs the server-side requests.
#
# This is currently work in progress.
#
#Default:
# none
--enable-follow-x-forwarded-for
Enable support for following the X-Forwarded-For
HTTP header to try to find the IP address of the
original or indirect client when a request has
been forwarded through other proxies.
# OPTIONS FOR X-Forwarded-For
#
-----------------------------------------------------------------------------
# TAG: follow_x_forwarded_for
# Allowing or Denying the X-Forwarded-For header to be followed to
# find the original source of a request.
#
# Requests may pass through a chain of several other proxies
# before reaching us. The X-Forwarded-For header will contain a
# comma-separated list of the IP addresses in the chain, with the
# rightmost address being the most recent.
#
# If a request reaches us from a source that is allowed by this
# configuration item, then we consult the X-Forwarded-For header
# to see where that host received the request from. If the
# X-Forwarded-For header contains multiple addresses, and if
# acl_uses_indirect_client is on, then we continue backtracking
# until we reach an address for which we are not allowed to
# follow the X-Forwarded-For header, or until we reach the first
# address in the list. (If acl_uses_indirect_client is off, then
# it's impossible to backtrack through more than one level of
# X-Forwarded-For addresses.)
#
# The end result of this process is an IP address that we will
# refer to as the indirect client address. This address may
# be treated as the client address for access control, delay
# pools and logging, depending on the acl_uses_indirect_client,
# delay_pool_uses_indirect_client and log_uses_indirect_client
# options.
#
# SECURITY CONSIDERATIONS:
#
# Any host for which we follow the X-Forwarded-For header
# can place incorrect information in the header, and Squid
# will use the incorrect information as if it were the
# source address of the request. This may enable remote
# hosts to bypass any access control restrictions that are
# based on the client's source addresses.
#
# For example:
#
# acl localhost src 127.0.0.1
# acl my_other_proxy srcdomain .proxy.example.com
# follow_x_forwarded_for allow localhost
# follow_x_forwarded_for allow my_other_proxy
#
#Default:
# follow_x_forwarded_for deny all
Si necesitas un .deb ya compilado con todo esto, escribirme al privado.
Salu2
Para más información www.google.com.cu.
--
______________________________________________
Arian Molina Aguilera
Administrador de Redes y Servicios Telemáticos
Linux Usuario Registrado #392892
Telfs: (5347)861200 Ext 295, (5347)861294
jabber: [EMAIL PROTECTED]
Visitenos en http://www.eiefd.co.cu
EIEFD La Habana. Cuba.
_______________________________________________
Cancelar suscripción
https://listas.softwarelibre.cu/mailman/listinfo/linux-l
Buscar en el archivo
http://listas.softwarelibre.cu/buscar/linux-l
