Re: [squid-users] problem 2 squid version 3.1.3 X-Authenticated-User

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 27 May 2010 22:51:53 +1200

Gabriele Gabriele wrote:
> Hi to all, this is my first time here,
> I need help to configure my
> squid 3.1.3
> I show you my problem:
> I have 2 squid proxies, one is
> internal and one is external, the external is cache_peer for the
> internal. On the internal squid I have the ntlm authentication,

Bit hard to understand that text. Does it mean this?

Client --NTLM--> Proxy 1 --> Proxy 2 --> Internet

> So I
> have to pass from the internal to external the client ip source and the
> username of the authenticated user.
>
> By:
> "forwarded_for on
> follow_x_forwarded_for
> allow all"

... by opening an extremely unsafe security hole...

> in squid.conf I succeed in sending the Client ip source in
> the header from internal to external
> But I'm not able to send by
> header the "X-Authenticated-User" to the external. ( I hope

Yes. It's an ICAP special header.

> X-Authenticated-User is the right way )
> I can't use ICAP, so some

Yes ICAP is not the right technology.

> body can help me?
> thanks
>

To pass the client IP securely between the proxies you need to configure
this:

Proxy 1 squid.conf:

   forwarded_for on

Proxy 2 squid.conf:

   acl proxy1 src <ip-of-proxy-1>

   follow_x_forwarded_for allow proxy1
   follow_x_forwarded_for deny all

Logging in to two different proxies simultaneously with one action is
quite hard.

Instead you can set up the authentication at proxy2 and use the
cache_peer login=PASS option at proxy1.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.3
Received on Thu May 27 2010 - 10:52:03 MDT
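
Added example, not part of the original message and not Squid project code: a small Python check that reads squid.conf text and flags follow_x_forwarded_for rules that trust X-Forwarded-For from any sender, as the "allow all" setting quoted in the thread does. The function names, the sample configs and the address 192.0.2.10 are constructed for illustration; src ACL values other than plain addresses or networks (ranges, file includes) are treated as unverified.

```python
import ipaddress

# Constructed samples: the setting quoted in the thread, then the restricted form.
UNSAFE = "forwarded_for on\nfollow_x_forwarded_for allow all\n"
SAFE = (
    "acl proxy1 src 192.0.2.10\n"
    "follow_x_forwarded_for allow proxy1\n"
    "follow_x_forwarded_for deny all\n"
)

def _is_narrow(values):
    """True if every value parses as an address or network narrower than /0."""
    try:
        return bool(values) and all(
            ipaddress.ip_network(v, strict=False).prefixlen > 0 for v in values)
    except ValueError:
        return False  # ranges, file includes and the like are not verified here

def audit_follow_xff(conf_text):
    """Return (line number, message) findings for follow_x_forwarded_for rules."""
    src_acls = {"all": ["0.0.0.0/0"]}  # 'all' is built in and matches everything
    rules, findings = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            src_acls.setdefault(tok[1], []).extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "follow_x_forwarded_for":
            rules.append((lineno, tok[1], tok[2:]))
    for lineno, action, names in rules:
        # ACLs on one line are ANDed, so a single narrow src ACL bounds the rule.
        if action == "allow" and not any(
                _is_narrow(src_acls.get(n, [])) for n in names):
            findings.append(
                (lineno, "allow rule not limited to specific source addresses"))
    if rules and rules[-1][1:] != ("deny", ["all"]):
        findings.append((rules[-1][0], "rule list does not end with 'deny all'"))
    return findings

if __name__ == "__main__":
    for label, conf in (("unsafe", UNSAFE), ("safe", SAFE)):
        print(label, audit_follow_xff(conf))
```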
