Squid3 & dansGuardian

[debian54]

Bonjour,

Je viens d'installer récemment Squid3 couplé avec Dansguardian. Tout fonctionne correctement. J'ai juste un petit souci, à savoir :
Lorsque je fais un cat /var/log/squid3/access.log les ip des postes clients sont remplacées par 121.0.01. Donc je ne vois pas les ip des clients.
J'ai cherché sur le net, il semblerait que le souci (si on peut appeler cela ainsi) est lié au fait que les requêtes des clients sont envoyées à dansguardian puis transmisses à Squid3, donc pour Squid3 tout vient de 127.0.01 ce qui est normal.

J'ai trouvé des astuces pour afficher les ip clients à savoir :

follow_x_forqarded_for allow localhost
forwarded_for off

mais celle-ci ne semblent pas fonctionner pour Squid3 seulement pour les versions précédentes.

Si vous avez une idée, et bien je suis preneur !!! en vous remerciant par avance.

Cordialement.

[debian54]

Source : http://contentfilter.futuragts.com/w...quid_stub_logs


Using Squid Stub Logs

If you nevertheless find it necessary to analyze the Squid stub logs, the first issue that will occupy your attention will probably be that everything in the Squid log appears to originate from the same address, 127.0.0.1 (“localhost” or “loopback”). This makes sense as in this environment all requests to Squid come from DansGuardian. You may desire to instead have the Squid logs point at the “real” originating IP rather than at DansGuardian.

To do this, you'll need to both 1) have DansGuardian forward the information to Squid (which would otherwise not even have the information and so of course not be able to display it), and 2) have Squid include the information in its logs.

To make 1) happen, set forwardedfor = on in dansguardian.conf. This will cause DansGuardian to add an X-Forwarded-For: header containing the IP address of the real originator to every web request it passes to Squid.

To make 2) happen is different for different releases of Squid, and will usually (but not always) happen by default. For Squid 2.5 and before, you must apply a source code patch and rebuild Squid. The source code patch is available on the DansGuardian website by clicking on “Extras and Add-Ons” and under the “3rd Party plugins and patches for squid” heading fetching “Patch for squid that makes it log the X-Forwarded-For IP”. For Squid 2.6 and 2.7, set log_uses_indirect_client on (which in turn requires something like follow_x_forwarded_for allow localhost) in squid.conf. (This is the default Squid configuration, so it may work without explicit settings.) For Squid 3.0, set forwarded_for on in squid.conf. (This is the default Squid configuration, so it may work without explicit settings.)

Note that as a side effect of these settings, in many cases Squid will send the X-Forwarded-For: header on to the actual website, thus exposing some of your internal IP addresses and possibly allowing websites to disentangle individual users. (You can prevent this in Squid 3.1 and later by specifying forwarded_for delete.) You may or may not decide that having the “real” origin IP address in the Squid logs is so important that it overrides any possible security and privacy concerns.