[squid-users] connection limit and X-Forwarded-For IP

From: Mario Remy Almeida <malmeida_at_isaaviation.ae>
Date: Mon, 12 Apr 2010 15:38:49 +0400

Hi All,

Recently I configure Squid as reverse proxy for back-end apache server
running Drupal.

acl airarabia_web dstdomain www.airarabia.com
cache_peer 10.4.171.6 parent 80 0 no-query originserver
name=airarabia_peer2 round-robin forceddomain=www.airarabia.com default
# cache_peer 10.4.171.7 parent 80 0 no-query originserver
name=airarabia_peer1 round-robin forceddomain=www.airarabia.com default
# not yet implemented
cache_peer_access airarabia_peer2 allow airarabia_web
cache_peer_access airarabia_peer2 deny all

Problem 1:-
With Apache I had connection Limit of 20 per IP (mod_limitipconn.so)

I need to achieve this with squid reverse proxy.
please let me know if below configurations is correct.

===========================
acl connectionLimit maxconn 20
acl airarabia_web dstdomain www.airarabia.com
cache_peer 10.4.171.6 parent 80 0 no-query originserver
name=airarabia_peer2 round-robin forceddomain=www.airarabia.com default
cache_peer_access airarabia_peer2 allow airarabia_web connectionLimit
cache_peer_access airarabia_peer2 deny all
===========================

Problem 2:-
After configuring reverse proxy, The apache back-end server gets the IP
of the reverse proxy and not of the actual clients.

                    squid.conf
===========================
follow_x_forwarded_for allow airarabia_web
follow_x_forwarded_for deny all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
===========================

I will work on HOW TO for mod_extract_forwarded, but mean time if
someone can verify if the above squid.conf for problem 2 is correct?

//Remy

------------------------------------------------------------------------------
Disclaimer and Confidentiality

This material has been checked for computer viruses and although none has
been found, we cannot guarantee that it is completely free from such problems
and do not accept any liability for loss or damage which may be caused.
Please therefore check any attachments for viruses before using them on your
own equipment. If you do find a computer virus please inform us immediately
so that we may take appropriate action. This communication is intended solely
for the addressee and is confidential. If you are not the intended recipient,
any disclosure, copying, distribution or any action taken or omitted to be
taken in reliance on it, is prohibited and may be unlawful. The views
expressed in this message are those of the individual sender, and may not
necessarily be that of ISA.
Received on Mon Apr 12 2010 - 11:40:03 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 12 2010 - 12:00:04 MDT