Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: markehle on November 14, 2007, 04:02:11 PM

Title: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: markehle on November 14, 2007, 04:02:11 PM

Folks -

I am using a 7.2 box as a proxy/filter using dansguardian in a public library, and it performs great. I would like to start using delay pools, as when the kids get out of school, they come over and clobber our bandwidth.

I can't get delay pools to work because of dansguardian; as far as squid is concerned, it only has one customer coming from 127.0.0.1, so it can't discern who to delay.

I guess I need to have the  --enable-follow-x-forwarded-for configure option compiled into squid

Can anybody tell me what the best way to go about this is?

Thanks -

Mark

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: raem on November 15, 2007, 04:08:44 AM

Alternatively try the HTBWondershaper script, do a forum search to find it.

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: stephen noble on November 15, 2007, 08:41:05 AM

use delay pools to throttle the sites they go to

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: raem on November 15, 2007, 01:51:06 PM

http://wiki.contribs.org/Wondershaper

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: byte on November 15, 2007, 11:20:02 PM

Moving this topic to the SME 7.x contribs forum, it is more appropriate there. Thanks!

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: markehle on November 16, 2007, 02:31:01 AM

OK, Byte - thanks.

Title: Re: squid, dansguardian, and --enable-follow-x-forwarded-for
Post by: vincepanozzo on September 10, 2008, 06:45:35 AM

Quote from: markehle on November 14, 2007, 04:02:11 PM

Folks -

I am using a 7.2 box as a proxy/filter using dansguardian in a public library, and it performs great. I would like to start using delay pools, as when the kids get out of school, they come over and clobber our bandwidth.

I can't get delay pools to work because of dansguardian; as far as squid is concerned, it only has one customer coming from 127.0.0.1, so it can't discern who to delay.

I guess I need to have the  --enable-follow-x-forwarded-for configure option compiled into squid

Can anybody tell me what the best way to go about this is?

Thanks -

Mark

Here is how I resolved this problem:

You must include the client IP into the header sent to Squid.
To do this you will need to change the following setting in dansguardian.conf to "on" (default is off)

# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header.  This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = on

You should do this using the templates-custom but I will not go into that detail here.

Then in your squid.conf you can identity the IP address by retreiving it from the Header sent from Dansguardian:

acl aclname req_header X-Forwarded-For -i <IP address>

(You will need to change aclname and <IP address>)

Then you can use this to do your pool delays

Again you should do this by using templates-custom.

Hope this helps.