LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 09-05-2006, 07:45 AM   #1
yunus.raza
LQ Newbie
 
Registered: Jul 2004
Location: India
Posts: 16

Rep: Reputation: 0
Dansguardian & Squid


Hi All,

I have configured Dansguardian for Squid in Red Hat 9. Its working well. It is configured for port 3128 and Squid is configured for port 2831.

I have one question with the way Dansguardian forwards requests to Squid, since it sits between client and squid server, it sends the IP of the server itself to squid.

In other words if i access the log file of squid in realtime i can see that it appears to squid that the source ip is the ip of the squid server itself, and i cant makeout as to which client is accessing in my SARG report generation tool.

Is there a way to tell Dansguardian to forward the real IP of the client to squid rather than the IP of the server itself. I didnt see any such option in the dansguardian.conf file (or may be i missed it)

Please guide.

Thanks
 
Old 09-05-2006, 10:26 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
you'd enable the x-forwarded-for header. google has plenty to say about this including its use in dans.
 
Old 09-05-2006, 09:04 PM   #3
backhand
LQ Newbie
 
Registered: Sep 2006
Posts: 4

Rep: Reputation: 0
to know the client source ip, just look in the dansguardian log.. in /var/log/dansguardian/access.log but for squid to get the client source ip you need to enable the x-forward-for header.
 
Old 09-06-2006, 04:15 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
Quote:
Originally Posted by backhand
to know the client source ip, just look in the dansguardian log.. in /var/log/dansguardian/access.log but for squid to get the client source ip you need to enable the x-forward-for header.
i've already said that...
 
Old 09-06-2006, 06:37 AM   #5
yunus.raza
LQ Newbie
 
Registered: Jul 2004
Location: India
Posts: 16

Original Poster
Rep: Reputation: 0
I did that still if i see access.log of squid it says source ip as localhost.localdomain.

Anything i am missing??
 
Old 09-06-2006, 07:24 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
the squid side still needs to be told to read the header. check the configs for the squid side... http://devel.squid-cache.org/follow_xff/index.html you can see the last line of the config example there is specifically relevant to the log files as opposed to the primary use of the header to follow acl's etc...
 
Old 09-06-2006, 10:11 PM   #7
backhand
LQ Newbie
 
Registered: Sep 2006
Posts: 4

Rep: Reputation: 0
Quote:
Originally Posted by yunus.raza
I did that still if i see access.log of squid it says source ip as localhost.localdomain.

Anything i am missing??
how about your entry in dansguardian access.log
try to check inside /var/log/dansguardian/access.log
is it say source ip as localhost.localdomain?
 
Old 08-04-2010, 03:11 AM   #8
ssamir81@hotmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 3

Rep: Reputation: 0
ssamir

AOA

In order to work Squid ACL and dansguardian both at a time you have to do two things.

1. In dansguardian.conf set the 2 tags like this.

forwardedfor = on
usexforwardedfor = on

2. Now in squid.conf you have to use x-forwarded option. Set the tags like this. By default these tags are commented. Search these tags and Remove the '#' and set like this:

follow_x_forwarded_for deny all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on

And finally in writing ACL see the example below

acl my_network src 192.168.41.60
follow_x_forwarded_for allow my_network
http_access deny all

where 192.168.41.60 is the ip of my squid server and dansguardian in on the same machine.

Last edited by ssamir81@hotmail.com; 08-04-2010 at 03:12 AM.
 
Old 08-04-2010, 03:19 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
ssamir81@hotmail.com, please don't resurrect dead threads help us keep LQSEC as zombie-free as possible. In addition, be advised that posting the same thing multiple times isn't proper behavior.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Dansguardian and Squid yeeha! Linux - Networking 4 08-21-2006 01:22 AM
need examples of squid.conf & dansguardian.conf jocast Linux - Software 1 05-11-2006 04:47 PM
dansguardian + squid shafey Linux - Security 2 12-31-2005 11:42 AM
squid (Transparent proxy) & Dansguardian metallica1973 Linux - Security 8 12-15-2005 07:52 PM
Dansguardian/Squid HELP! Prizam Linux - Software 3 09-23-2005 06:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration