RE: [squid-users] problem 2 squid version 3.1.3 X-Authenticated-User

From: Gabriele Gabriele <d_gabriele_at_hotmail.it>
Date: Thu, 27 May 2010 12:55:55 +0200

The authentication is only on the internal proxy; on the external I need to have the IP of the client and the username for some acl.

So I think I need this information on the Header.

----------------------------------------
> Date: Thu, 27 May 2010 22:51:53 +1200
> From: squid3_at_treenet.co.nz
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] problem 2 squid version 3.1.3 X-Authenticated-User
>
> Gabriele Gabriele wrote:
>> Hi to all, this is my first time here,
>> I need help to configure my
>> squid 3.1.3
>> I show you my problem:
>> I have 2 squid proxies, one is
>> internal and one is external, the external is cache_peer for the
>> internal. On the internal squid I have the ntlm authentication,
>
> Bit hard to understand that text. Does it mean this?
>
> Client --NTLM--> Proxy 1 --> Proxy 2 --> Internet
>
>
>> So I
>> have to pass from the internal to external the client ip source and the
>> username of the authenticated user.
>>
>> By:
>> "forwarded_for on
>> follow_x_forwarded_for allow all"
>
> ... by opening an Extremely unsafe security hole...
>
>> in squid.conf I succeed in sending the client source IP in
>> the header from internal to external
>> But I'm not able to send by
>> header the "X-Authenticated-User" to the external. ( I hope
>
> Yes. It's an ICAP special header.
>
>> X-Authenticated-User is the right way )
>> I can't use ICAP, so
>
> Yes ICAP is not the right technology.
>
>> somebody can help me?
>> thanks
>>
>
> To pass the client IP securely between the proxies you need to configure
> this:
>
> Proxy 1 squid.conf:
>
> forwarded_for on
>
>
> Proxy 2 squid.conf:
>
> acl proxy1 src
>
> follow_x_forwarded_for allow proxy1
> follow_x_forwarded_for deny all
>
>
>
> Logging in to two different proxies simultaneously with one action is
> quite hard.
>
> Instead you can setup the authentication at proxy2 and use the
> cache_peer login=PASS option at proxy1.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.3
                                               
Received on Thu May 27 2010 - 10:56:02 MDT
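
Added example, not part of the original thread and not Squid's own code: a simplified Python model of how follow_x_forwarded_for backtracks through X-Forwarded-For, showing why "allow all" lets the header decide which client IP the ACLs see, while trusting only Proxy 1 does not. All addresses and the helper name effective_client are constructed for illustration.

```python
import ipaddress

# Constructed addresses for illustration (not from the thread).
PROXY1 = "192.0.2.10"       # internal proxy, as seen by Proxy 2
CLIENT = "10.1.1.25"        # real LAN client behind Proxy 1
OUTSIDER = "198.51.100.7"   # host connecting to Proxy 2 directly

ALLOW_ALL = ["0.0.0.0/0"]           # follow_x_forwarded_for allow all
PROXY1_ONLY = [PROXY1 + "/32"]      # allow proxy1, then deny all


def effective_client(peer_ip, xff_header, trusted_nets):
    """Return the address that src ACLs would be evaluated against.

    Start from the TCP peer. While the address currently held is a trusted
    source, step one entry leftwards through X-Forwarded-For (the rightmost
    entry is the most recent hop). Stop at the first untrusted address.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]

    def trusted(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    current = peer_ip
    while hops and trusted(current):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # non-address token such as "unknown": keep last good value
        current = candidate
    return current


if __name__ == "__main__":
    cases = [
        ("via proxy1, honest header", PROXY1, CLIENT),
        ("via proxy1, client pre-set header", PROXY1, "172.16.0.1, " + CLIENT),
        ("direct to proxy2, forged header", OUTSIDER, "10.1.1.99"),
    ]
    for label, peer, xff in cases:
        print(label,
              "| allow all ->", effective_client(peer, xff, ALLOW_ALL),
              "| proxy1 only ->", effective_client(peer, xff, PROXY1_ONLY))
```

With the proxy1-only trust list the result is always either the TCP peer or the entry Proxy 1 itself appended, so src ACLs on Proxy 2 cannot be steered by header content.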
