Re: [squid-users] CONNECT method support(for https) using squid3.1.0.6 + tproxy4 from Mikio Kishi on 2010-03-28 (squid-users)

From: Mikio Kishi <mkishi_at_104.net>
Date: Sun, 28 Mar 2010 21:14:54 +0900

Hi, Amos

I'm sorry in the old topic.
In this case, I'd also like to use authentication.
So,

- auth/Acl.cc
>int
>AuthenticateAcl(ACLChecklist *ch)
>{
> ACLFilledChecklist *checklist = Filled(ch);
> HttpRequest *request = checklist->request;
> http_hdr_type headertype;
>
> ... snip ...
> } else if (request->flags.intercepted || request->flags.spoof_client_ip) {
> debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests.");
> return -1;
> }
> ... snip ...
>}

Would you remove "request->flags.spoof_client_ip" from above ?
I hope the following.

>int
>AuthenticateAcl(ACLChecklist *ch)
>{
> ACLFilledChecklist *checklist = Filled(ch);
> HttpRequest *request = checklist->request;
> http_hdr_type headertype;
>
> ... snip ...
> } else if (request->flags.intercepted) { <--------
> debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests.");
> return -1;
> }
> ... snip ...
>}

Sincerely,

--
Mikio Kishi
On Sat, Apr 25, 2009 at 10:44 PM, Mikio Kishi <mkishi_at_104.net> wrote:
> Hi, Amos
>
>> Added to Squid-3.
>
> I'd really really appreciate !
>
> Sincerely,
>
> --
> Mikio Kishi
>
> On Fri, Apr 24, 2009 at 1:20 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Mikio Kishi wrote:
>>>
>>> Hi, Amos
>>>
>>>> Ah, you need the follow_x_forwarded_for feature on Proxy(1).
>>>
>>> That's right, I know about that, but I'd like to use "source address
>>> spoofing"...
>>>
>>> Just only following enables my anxiety.
>>>
>>> replacing In tunnelStart()#tunnel.cc
>>>
>>>>   sock = comm_openex(SOCK_STREAM,
>>>>                      IPPROTO_TCP,
>>>>                      temp,
>>>>                      COMM_NONBLOCKING,
>>>>                      getOutgoingTOS(request),
>>>>                      url);
>>>
>>> with
>>>
>>>>   if (request->flags.spoof_client_ip) {
>>>>       sock = comm_openex(SOCK_STREAM,
>>>>                          IPPROTO_TCP,
>>>>                          temp,
>>>>                          (COMM_NONBLOCKING|COMM_TRANSPARENT),
>>>>                          getOutgoingTOS(request),
>>>>                          url);
>>>>   } else {
>>>>       sock = comm_openex(SOCK_STREAM,
>>>>                          IPPROTO_TCP,
>>>>                          temp,
>>>>                          COMM_NONBLOCKING,
>>>>                          getOutgoingTOS(request),
>>>>                          url);
>>>>   }
>>>
>>> I think it has no harmful effects. I long for that.
>>> Would you modify that ?
>>>
>>> Sincerely,
>>>
>>> --
>>> Mikio Kishi
>>
>> Added to Squid-3.
>>
>> Amos
>> --
>> Please be using
>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>>  Current Beta Squid 3.1.0.7
>>
>

Received on Sun Mar 28 2010 - 12:14:57 MDT

This archive was generated by hypermail 2.2.0 : Sun Mar 28 2010 - 12:00:06 MDT