Re: [squid-users] external_acl_type with http request header question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 13 May 2005 01:14:40 +0200 (CEST)

On Thu, 12 May 2005, Ryan Lamberton wrote:

> everything is allowed. It looks like the script is giving an OK even if the
> x-pun is not in the browser. What does squid pass to the ident.pl if there
> is no header x-pun?

- I think. Was a long time since I wrote this, and I never used it in
situations where I needed to know the header was not set..

> I corrected it by changing
>
> http_access allow propel_auth
>
> to
>
> http_access allow localhost propel_auth
>
> but I would like to use this option without localhost.

I would not.. you should only allow the use of this header from trusted
sources. If not anyone who can reach the proxy and knows you are using
this scheme may spoof as any user for you...

Regards
Henrik
Received on Thu May 12 2005 - 17:14:49 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT