[plug] multiple web clients accessing a single site via proxy

Craig Foster craig at fostware.net
Tue Jan 23 23:52:51 WST 2007

> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
> Behalf Of Sol Hanna
> Sent: Tuesday, 23 January 2007 7:56 PM
> To: plug at plug.org.au
> Subject: Re: [plug] multiple web clients accessing a single site via
> proxy
> On Tuesday 23 January 2007 18:59, you wrote:
> > On Tue, Jan 23, 2007, Sol Hanna wrote:
> > > hi all,
> > >
> > > The school runs a network proxy through which all web traffic
> I
> > > know enough about proxies to know that all traffic emanating from
> behind
> > > the proxy appears to the web servers as if coming from a single
> host. So
> > > matching the cookie authenticated requests from each browser  is a
> very
> > > difficult task for the web server if the browser requests are
> occurring
> > > near-to simultaneously.
> > >
> > > Are my conclusions about the problem correct? And if so, is there
> > > anything I can do if I want a class of students to register and
> a
> > > site during a session without these nasty consequences?
> >
> > Hiya,
> >
> > (I've got my Squid web proxy/cache hat on here.)
> >
> > This is one of those "annoying" problems with proxies in the past.
> Web
> > sites are pretty notorious for being proxy/cache ignorant!
> >
> > Its not exactly as you suspect however. Some sites in the past have
> naively
> > assumed IP == session but this has thankfully gone away now that
> > lots-of-people- hiding-behind-one-IP-via-NAT has become all the
> vogue. So
> > nowdays its down to bad caching information in their HTTP replies
> > (sometimes happens!) and sometimes badly behaving persistent
> connections.
> Thanks for that excellent and very prompt reply Adrian. That certainly
> goes a
> long way to explaining the problem and possible solution. Sadly,
> basically
> everything DETWA uses in schools is M$ (except where conscientious
> admins are
> working in a given school), so not much chance of Squid being in
> effect.
> Which is a pity cos I've used it before and was mightily impressed
> its
> power and configurability. :)
> I'll check things out over the next week or so and see how things go.
> If I do
> encounter problems whilst running a class I'll have a backup plan, and
> be
> ready to diagnose the problem so I can talk to the admin about
> the
> proxy rules if necessary.
> much appreciated!
> --
> ---
> Sol Hanna
> sol.hanna at three.com.au

DETWA will only allow one machine to connect upstream to their proxy, so
you should have a local proxy at the school as well.

One of the suppliers (TFX) install a linux box called 'Cerberus' using
squid and last time I looked, squidgard. Squid is quite handy as it can
be made to rewrite certain requests, use never locally cache others, and
so on.
Another option in Squid is to turn on X-ForwardedFor which may give
individual users a separate (local 10.x.x.x) IP in their cookies. 

I know what you may need to go though, getting a straight answer from
DETWA or 'Silver City' can be detrimental to your hairline :P You're not
part of 100-Schools though, are you? *That* could be an issue...



More information about the plug mailing list