how to determine originating IP address when apache is behind squid
am 03.10.2006 21:01:09 von Jim HayterHi,
I'm running Apache 1.3.33 on Solaris. I'd like to use Squid in front of
Apache to handle caching static files. My current Apache config has a
number of rewrite rules that are dependent upon %{REMOTE_ADDR}. When
Squid is in use, %{REMOTE_ADDR} takes on the address of the squid proxy
for all requests. If I invoke a page to print the environment settings
with Squid as a front end, I see HTTP_X_FORWARDED_FOR set to the
originating IP address. This comes from a header added by Squid. I've
determined that I can log this value in my access log using
%{HTTP_X_FORWARDED_FOR}e.
I have not been able to find a way to access this value in Apache
rewrite rules/setenv directives. I've tried the following:
# init IPOK flag
RewriteRule .* - [E=IPOK:0]
# try 1
RewriteCond %{HTTP_X_FORWARDED_FOR} ^10\.28\.40\.2$
RewriteRule .* - [E=IPOK:1]
# try 2
RewriteCond %{X_FORWARDED_FOR} ^10\.28\.40\.2$
RewriteRule .* - [E=IPOK:2]
# try 3
SetEnvIf HTTP_X_FORWARDED_FOR ^10\.28\.40\.2$ IPOK=3
# try 4
SetEnvIf X_FORWARDED_FOR ^10\.28\.40\.2$ IPOK=4
The only one of the above that is acted upon is the first, setting IPOK
to 0. I was hoping to set IPOK and then use it as follows:
AllowOverride None
AuthType basic
AuthName "Restricted"
AuthUserFile conf/password.file
require user admin
# allow access by IP
Order deny,allow
Deny from all
# monitoring systems
Allow from 10.20.34.0/24
# if IP ok
Allow from env=IPOK
Satisfy any
Any suggestions welcomed. Also, any suggestions for Squid support fora
appreciated.
Jim
None of these