Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have configured Dansguardian for Squid in Red Hat 9. It's working well. It is configured for port 3128 and Squid is configured for port 2831.
I have one question about the way Dansguardian forwards requests to Squid: since it sits between the client and the Squid server, it sends the IP of the server itself to Squid.
In other words, if I access the log file of Squid in real time, I can see that it appears to Squid that the source IP is the IP of the Squid server itself, and I can't make out which client is accessing in my SARG report generation tool.
Is there a way to tell Dansguardian to forward the real IP of the client to Squid rather than the IP of the server itself? I didn't see any such option in the dansguardian.conf file (or maybe I missed it).
To know the client source IP, just look in the dansguardian log, in /var/log/dansguardian/access.log, but for squid to get the client source IP you need to enable the x-forward-for header.
The squid side still needs to be told to read the header. Check the configs for the squid side at http://devel.squid-cache.org/follow_xff/index.html and you can see the last line of the config example there is specifically relevant to the log files, as opposed to the primary use of the header to follow ACLs etc.
In order for Squid ACLs and dansguardian to work at the same time, you have to do two things.
1. In dansguardian.conf set the 2 tags like this:
forwardedfor = on
usexforwardedfor = on
2. Now in squid.conf you have to use the x-forwarded option. Set the tags like this. By default these tags are commented out. Search for these tags, remove the '#' and set them like this:
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
And finally, in writing the ACL, see the example below:
acl my_network src 192.168.41.60
# follow_x_forwarded_for rules are checked in order, so allow comes before deny all
follow_x_forwarded_for allow my_network
follow_x_forwarded_for deny all
http_access deny all
where 192.168.41.60 is the IP of my squid server, and dansguardian is on the same machine.
Last edited by ssamir81@hotmail.com; 08-04-2010 at 03:12 AM.
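Added example, not part of the original thread and not Squid's own code: a Python sketch of the backtracking that follow_x_forwarded_for performs to pick the address written to the log, run against a narrow and an over-broad trust list. All addresses except 192.168.41.60 are constructed; stopping at an unparsable entry, and the filter appending to a header the client already sent, are assumptions.

```python
import ipaddress

def indirect_client(peer, xff_header, trusted_nets):
    """Return the address Squid would log with log_uses_indirect_client on.

    peer: address of the TCP connection (DansGuardian, seen from Squid).
    xff_header: X-Forwarded-For value, rightmost entry = most recent hop.
    trusted_nets: sources matched by 'follow_x_forwarded_for allow'.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Backtrack only while the address we arrived from is trusted.
    while hops and any(current in net for net in trusted):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # assumption: stop at an unparsable entry
    return str(current)

# Constructed requests: (peer, X-Forwarded-For header)
VIA_DG = ("192.168.41.60", "192.168.41.25")
DIRECT_SPOOF = ("192.168.41.25", "10.9.9.9")
VIA_DG_SPOOF = ("192.168.41.60", "10.9.9.9, 192.168.41.25")

if __name__ == "__main__":
    for label, nets in (("proxy only", ["192.168.41.60/32"]),
                        ("whole LAN", ["192.168.41.0/24"])):
        for peer, xff in (VIA_DG, DIRECT_SPOOF, VIA_DG_SPOOF):
            print(label, peer, repr(xff), "->", indirect_client(peer, xff, nets))
```

With only the proxy's own address trusted, all three requests resolve to 192.168.41.25; trusting the whole 192.168.41.0/24 lets the client-supplied 10.9.9.9 reach the log and any ACL that uses the indirect client.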
ssamir81@hotmail.com, please don't resurrect dead threads – help us keep LQSEC as zombie-free as possible. In addition, be advised that posting the same thing multiple times isn't proper behavior.