[squid-users] accelerated squid w/ssl/ldap for multiple web servers

From: Chris Perreault <Chris.Perreault@dont-contact.us>
Date: Fri, 21 May 2004 16:10:31 -0400

I've looked through the FAQs, scoured the net, read through the O'Reilly
book, "Squid: The Definitive Guide", and played around quite a bit with
squid. Here's what I'd like to do:

Use Squid as a reverse proxy, in our DMZ zone to have ldap authenticated
users have access to multiple back end web servers. Additionally I'd like to
have the connection from the proxy to the end users be a SSL connection.

On linux I compiled and installed the openssl-devel and openldap-devel to
get the library and header files for both and compiled squid with the
--enable-ssl and --enable-basic-auth-helpers=LDAP parameters. Squid
installed fine. I also got squidguard as a redirector and have that
functioning ok. When I try to use the ldap authentication I get an error
that shows up saying "authentication not applicable on accelerated requests"
I did find some messages on the web to first compile Squid and then alter
the make file with the line "DEFINES = DAUTH_ON_ACCELERATION" and then to
make clean and make install. I did that but still get the same error. I'm
using Squid 2.5 Stable 5. The messages I saw mentioning this hidden value of
DEFINES pertained to earlier versions of Squid, so maybe it doesn't work
with Squid 2.5-5. None of the messages explained where to put this DEFINES
line, so I put it up fairly high within the Makefile, right above the
"INSTALL = /usr/bin/install" line.

Can I do above, where is there help for this, and will it pass the ldap
username to the web applications. One of the webservers is set up like a
portal, with the server itself doing ldap authentication and controlling
content based on the username which is matched to a profile within a
database the web server uses. This authentication is done on the backend
network though, and it would be better to have this authentication occur
further away from the back end network.

I also appear to be stuck in trying to define a self signed cert and not
have Squid check with an authenticating server. I've seen some vague
messages concerning this which most likely explains why I can't get the cert
to work either.

As an accelerated proxy, without ldap and ssl it works great, with
squidguard. One problem with ssl and squidguard is figuring out the ACL
lists. I end up looking for website.com:443/site2 on the backend server
after the conversion and don't want the 443 port in there.

Chris Perreault
Received on Fri May 21 2004 - 14:09:30 MDT
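The ":443 ends up in the backend URL" problem from the last paragraph can be handled in the rewrite step itself. Below is an added example, not code from the original post or from the Squid or squidGuard projects: a minimal stand-alone Squid `redirect_program` that strips an explicit `:443` from https URLs and leaves everything else untouched. It relies on the redirector protocol Squid 2.5 uses (one request per line on stdin, `URL client_ip/fqdn ident method`; one line on stdout with the rewritten URL, or an empty line to keep the original). The script name and install path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal Squid redirect_program
# that removes an explicit ":443" from https URLs before they are passed on,
# so the backend lookup is website.com/site2 instead of website.com:443/site2.
# Protocol assumed (Squid 2.5): stdin line "URL client_ip/fqdn ident method",
# stdout line = rewritten URL, or an empty line meaning "leave it alone".
# File name and install path below are assumptions.

# Return the URL with ":443" removed when it is the default https port.
# Non-default ports (e.g. :8443) and http:// URLs pass through unchanged.
strip_port_443() {
    printf '%s\n' "$1" | sed \
        -e 's#^\(https://[^/:]*\):443/#\1/#' \
        -e 's#^\(https://[^/:]*\):443$#\1#'
}

# Take one redirector input line and produce the one-line answer Squid expects.
rewrite_line() {
    url=${1%% *}                  # first whitespace-separated field is the URL
    new=$(strip_port_443 "$url")
    if [ "$new" = "$url" ]; then
        printf '\n'               # unchanged: empty line tells Squid to keep the URL
    else
        printf '%s\n' "$new"
    fi
}

# Answer requests until Squid closes the pipe. Only entered when the script is
# started with the "run" argument, so sourcing the file just defines functions.
redirector_loop() {
    while IFS= read -r line; do
        rewrite_line "$line"
    done
}

case "${1:-}" in
    run) redirector_loop ;;
esac
```

Installed as, for instance, `/usr/local/bin/strip443.sh`, it is wired in with `redirect_program /usr/local/bin/strip443.sh run` (plus a suitable `redirect_children` count) in squid.conf; squidGuard's ACL entries can then match on the port-less form. Because the script only ever removes the default port and never rewrites the host, it cannot be coaxed into sending a request to a different backend than the one the URL already named.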
