Dansguardian & Squid
Hi All,
I have configured Dansguardian for Squid in Red Hat 9. It's working well. It is configured for port 3128 and Squid is configured for port 2831. I have one question about the way Dansguardian forwards requests to Squid: since it sits between the client and the Squid server, it sends the IP of the server itself to Squid. In other words, if I access the log file of Squid in real time, I can see that it appears to Squid that the source IP is the IP of the Squid server itself, and I can't make out which client is accessing in my SARG report generation tool. Is there a way to tell Dansguardian to forward the real IP of the client to Squid rather than the IP of the server itself? I didn't see any such option in the dansguardian.conf file (or maybe I missed it). Please guide. Thanks
You'd enable the X-Forwarded-For header. Google has plenty to say about this, including its use in dans.
To know the client source IP, just look in the dansguardian log in /var/log/dansguardian/access.log, but for Squid to get the client source IP you need to enable the X-Forwarded-For header. ;)
I did that; still, if I look at the access.log of Squid it says the source IP is localhost.localdomain.
Anything I am missing??
The Squid side still needs to be told to read the header. Check the configs for the Squid side: http://devel.squid-cache.org/follow_xff/index.html
You can see the last line of the config example there is specifically relevant to the log files, as opposed to the primary use of the header to follow ACLs etc.
Quote:
Try to check inside /var/log/dansguardian/access.log: does it say the source IP is localhost.localdomain?
ssamir
AOA
In order for Squid ACLs and dansguardian to both work at the same time, you have to do two things.

1. In dansguardian.conf set the 2 tags like this:

    forwardedfor = on
    usexforwardedfor = on

2. Now in squid.conf you have to use the x-forwarded option. By default these tags are commented. Search for these tags, remove the '#' and set them like this:

    follow_x_forwarded_for deny all
    acl_uses_indirect_client on
    delay_pool_uses_indirect_client on
    log_uses_indirect_client on

And finally, in writing the ACL, see the example below:

    acl my_network src 192.168.41.60
    follow_x_forwarded_for allow my_network
    http_access deny all

where 192.168.41.60 is the IP of my squid server, and dansguardian is on the same machine.
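The trust decision that `follow_x_forwarded_for allow ...` expresses, as an added Python example (not part of the thread and not Squid's own code): the header is walked from the nearest hop backwards, and an address is believed only while the hop that reported it is on the allow list, so a header sent by a client that reaches Squid directly is ignored. The loopback entry in the trusted list and all sample addresses other than 192.168.41.60 are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: DansGuardian and Squid share one host, so Squid's direct peer is
# loopback or the server's own address (192.168.41.60 in the post above).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.41.60/32")]


def is_trusted(addr):
    """True if addr matches the simulated 'follow_x_forwarded_for allow' list."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # anything that is not an IP address is never trusted
    return any(ip in net for net in TRUSTED)


def indirect_client(peer, xff_header):
    """Return the address that should be logged for one request.

    peer is the TCP source address Squid sees; xff_header is the raw
    X-Forwarded-For value (or None). Entries are consumed right to left and
    an entry is accepted only if the hop that supplied it is trusted.
    """
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    current = peer
    while hops and is_trusted(current):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # malformed entry: keep the last verified address
        current = candidate
    return current


# Constructed sample requests: (direct peer, X-Forwarded-For header)
SAMPLES = [
    ("127.0.0.1", None),                        # forwardedfor off: the original symptom
    ("127.0.0.1", "192.168.41.23"),             # forwardedfor on: real client recovered
    ("192.168.41.23", "10.9.9.9"),              # client talks to Squid directly, forged header
    ("127.0.0.1", "10.9.9.9, 192.168.41.23"),   # forged entry ahead of the filter's entry
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<15} xff={xff!s:<26} logged as {indirect_client(peer, xff)}")
```
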
ssamir81@hotmail.com, please don't resurrect dead threads – help us keep LQSEC as zombie-free as possible. In addition, be advised that posting the same thing multiple times isn't proper behavior.