Gabriele Gabriele wrote:
> Hi to all, this is my first time here,
> I need help configuring my
> squid 3.1.3
> I show you my problem:
> I have 2 squid proxies, one is
> internal and one is external, the external is cache_peer for the
> internal. On the internal squid I have the ntlm authentication,

A bit hard to understand that text. Does it mean this?

Client --NTLM--> Proxy 1 --> Proxy 2 --> Internet

> So I
> have to pass from the internal to external the client ip source and the
> username of the authenticated user.
>
> By:
> "forwarded_for on
> follow_x_forwarded_for allow all"

... by opening an Extremely unsafe security hole...

> in squid.conf I succeed in sending the client IP source in
> the header from internal to external
> But I'm not able to send by
> header the "X-Authenticated-User" to the external. ( I hope

Yes. It's an ICAP special header.

> X-Authenticated-User is the right way )
> I can't use ICAP, so some

Yes, ICAP is not the right technology.

> body can help me?
> thanks
>
To pass the client IP securely between the proxies you need to configure
this:

Proxy 1 squid.conf:

  forwarded_for on

Proxy 2 squid.conf:

  acl proxy1 src <ip-of-proxy-1>
  follow_x_forwarded_for allow proxy1
  follow_x_forwarded_for deny all

Logging in to two different proxies simultaneously with one action is
quite hard.
Instead you can set up the authentication at proxy2 and use the
cache_peer login=PASS option at proxy1.

Amos
--
Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3

Received on Thu May 27 2010 - 10:52:03 MDT
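
A simplified model of the X-Forwarded-For trust decision discussed in the reply above, as an added example that is not part of the original thread and is not Squid's code: it compares which address proxy 2 would treat as the client under "allow all" and under "allow proxy1 / deny all". The addresses are constructed sample values and `effective_client` is a hypothetical helper.

```python
import ipaddress

# Constructed sample addresses (not from the thread).
PROXY1 = "192.0.2.10"        # internal proxy, sends "forwarded_for on"
LAN_CLIENT = "10.1.1.50"     # real client behind proxy 1
OUTSIDER = "203.0.113.7"     # host connecting to proxy 2 directly

ALLOW_ALL = ["0.0.0.0/0", "::/0"]      # models "follow_x_forwarded_for allow all"
ONLY_PROXY1 = [PROXY1 + "/32"]         # models "allow proxy1" then "deny all"


def effective_client(peer_ip, xff_header, trusted_nets):
    """Hypothetical helper: address proxy 2 ends up treating as the client.

    Simplified model: start at the TCP peer; while the current address is
    trusted and X-Forwarded-For entries remain, step to the rightmost entry.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    current = ipaddress.ip_address(peer_ip)
    while hops and any(current in net for net in trusted):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last address we could verify
    return str(current)


def scenarios():
    """Return {name: (result with allow all, result with allow proxy1 only)}."""
    cases = {
        "via proxy1": (PROXY1, LAN_CLIENT),
        "direct with forged header": (OUTSIDER, "10.9.9.9"),
        "client-supplied entry via proxy1": (PROXY1, "127.0.0.1, " + LAN_CLIENT),
    }
    return {name: (effective_client(peer, xff, ALLOW_ALL),
                   effective_client(peer, xff, ONLY_PROXY1))
            for name, (peer, xff) in cases.items()}


if __name__ == "__main__":
    for name, (loose, strict) in scenarios().items():
        print(f"{name:35} allow all -> {loose:12} proxy1 only -> {strict}")
```

With the restricted ACL, only the entry appended by proxy 1 is believed, so ACLs and access logs on proxy 2 see either the real LAN client or the real connecting peer.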