Filtering client IP address with two Squid Proxy Server(Parent and Child)

**IAmJ** · October 16th, 2014

Hi Guys,
Good day!
I hope that you can help me with this

My scenario is,
I have a Parent Proxy, we'll name it Proxy1 and I have a Child proxy, we'll name it Proxy2
my user1 has an IP address of 10.10.9.2 and then user2 has an IP Address of 10.10.9.6

my Proxy2 has an unlimited internet access in my Parent Parent Proxy(Proxy1),
then my user2 is blocked in my Proxy1 only user1 and Proxy2 is allowed to access the internet in Proxy1

My question is , can Proxy1 detects the IPAddress of user2 when it'll use Proxy2 as it's proxy?

**IAmJ** · October 16th, 2014

Hi Guys,
Good day!
I hope that you can help me with this

My scenario is,
I have a Parent Proxy, we'll name it Proxy1 and I have a Child proxy, we'll name it Proxy2
my user1 has an IP address of 10.10.9.2 and then user2 has an IP Address of 10.10.9.6

my Proxy2 has an unlimited internet access in my Parent Proxy(Proxy1),
then my user2 is blocked in my Proxy1 only user1 and Proxy2 is allowed to access the internet in Proxy1

My question is , can Proxy1 detects the IPAddress of user2 when it'll use Proxy2 as it's proxy?

**overdrank** · October 16th, 2014

Hi and welcome, please do not create multiple threads on the same issue. Threads merged

**SeijiSensei** · October 16th, 2014

Originally Posted by IAmJ

My question is , can Proxy1 detects the IPAddress of user2 when it'll use Proxy2 as it's proxy?

No. All connections from Proxy2 will have Proxy2's external address. Only Proxy2's logs will contain the address of the originating client.

Remember that Squid itself acts like a web client when it sends out requests. It works exactly the same as if you opened a browser on the proxy machine and entered the URL in its address box.

**IAmJ** · October 17th, 2014

Thanks SeijiSensie,

but is there another way to filter this logs? so that this users can't thoroughly access the internet in Proxy1?

**SeijiSensei** · October 17th, 2014

Well, you could use an ACL in proxy 2 to block requests from that IP address. We need more specifics to understand what you are trying to accomplish. Would this user be allowed to go to other sites within your network, but not out to the Internet? That's a lot more difficult to configure than just blocking by IP address. If you add

Code:

acl block_me src 10.10.10.10
http_access deny block_me

to squid.conf on proxy2, then the user at 10.10.10.10 will be denied. Setting up rules to enable access to some locations but not others is possible, but you will need to read up on ACLs, particularly how to combine them.