Re: [squid-users] squid + dansguardian + auth

X-Copyrighted-Material

Hi !

No, i don't have those enabled. I'm using LDAP auth in squid (although i've enabled proxy-digest.conf in dansguardian)

The problem here is the following:

When the request reaches dansguardian, the machine IP who made the request is correct.
When dansguardian passes the request to squid, it goes with the local machine IP (127.0.0.1) and squid denies the request....
I've been messing around with the following dansguardian options:
forwardedfor, usexforwardedfor and originalip

Any hints ?

I have another squid + dansguardian installation with transparent proxy and everything is working just fine...

Cheers,

Bruno Santos

----- Mensagem original -----
De: "Jose Ildefonso Camargo Tolosa" <ildefonso.camargo_at_gmail.com>
Para: "squid-users" <squid-users_at_squid-cache.org>
Enviadas: Segunda-feira, 15 de Fevereiro de 2010 17:45:35 GMT +00:00 Hora de Greenwich, Irlanda, Portugal
Assunto: Re: [squid-users] squid + dansguardian + auth

Hi!

I really don't understand why are you, people, so insistent on the
"x-forwarded-for" thing..... it has nothing to do with authentication,
unless you use IP as part of your ACLs, off course.

Now, I repeat:

authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
authplugin = '/etc/dansguardian/authplugins/proxy-digest.conf'
authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'

That's and excerpt from the dansguardian.conf file. Do you have these enabled?

I hope this helps,

Ildefonso Camargo

On Mon, Feb 15, 2010 at 5:47 AM, Bruno Santos <bvsantos_at_hal.min-saude.pt> wrote:
> X-Copyrighted-Material
>
> Hi !
>
> Yes, i was careful to check in the SPEC file to see if there was such option and it is present:
> --enable-follow-x-forwarded-for
>
> The problem i guess is when dansguardian forwards the IP to squid, instead of giving the orinal IP, it goes with the local IP.
> But, with other options enabled, i get an html response - 400 bad request..

-- 
	Use OpenSource Software 
Human knowledge belongs to the world 
	Bruno Santos 
bvsantos_at_hal.min-saude.pt 
Tel: +351 962 753 053 
	Divisão de Informática 
informatica_at_hal.min-saude.pt 
Tel: +351 272 000 155 
Fax: +351 272 000 257 
	Unidade Local de Saúde de Castelo Branco, E.P.E. 
geral_at_hal.min-saude.pt 
Tel: +351 272 000 272 
Fax: +351 272 000 257 
	
Linux registered user #349448
	
LPIC-1 Certification
-------------------------------------------------------------------------------------------
Esta mensagem e ficheiros em anexo são confidenciais e destinados somente ao conhecimento e utilização da(s) pessoa(s) ou entidade(s) a quem foram endereçados.
Cabe ao destinatário verificar a existência de vírus ou erros, uma vez que a informação contida pode ser interceptada e/ou modificada.
Se recebeu este e-mail por engano, ou a eles teve acesso não sendo o destinatário, por favor informe de imediato o seu administrador de sistemas 
e elimine-o sem o utilizar, divulgar ou reproduzir.
        
Proteja o ambiente. Antes de imprimir este e-mail, verifique se realmente necessita.