[squid-users] Risposta: Re: [squid-users] Squid (using External ACL) problem with Icap

From: Roberto Galluzzi <Roberto.Galluzzi_at_zucchetti.it>
Date: Fri, 02 Dec 2011 10:47:53 +0100

I tried using the path end It works perfectly.

Thank you very much!!

>>> Amos Jeffries <squid3_at_treenet.co.nz> 02/12/2011 8.54 >>>
On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote:
> Hi,
>
> I'm using Squid 3.1 and SquidGuard with success. Now I want to add SquidClamav 6.
>
> Versions 6.x need Icap and I didn't have problem to install.
>
> In my Squid configuration I use External ACL to get username from a script but enabling Icap I can't surf because user is empty (in access.log). However in my script log I see that Squid is using it.
>
> If I use simple authentication (auth_param basic ...) I get user and all work.
>
> Nevertheless I MUST use External ACL so I need help about this context.

The problem is that external_acl_type "user=" tag is not an
authenticated username. Just a label for logging etc. in the current Squid.

There is a temporary workaround patch available in the existing bug report:
http://bugs.squid-cache.org/show_bug.cgi?id=3132

You can use that while we continue to work on redesigning the auth
systems to handle this better.

>
> This is part of my configuration:
>
> squid.conf
> -------------------------------------------------
> (...)
> external_acl_type<name> children=15 ttl=7200 negative_ttl=60 %SRC %SRC<helper> <arguments>
> (...)
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_encode off
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 1024
> icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_resp allow all
> (...)
> -------------------------------------------------
>
> If you need other info, ask me without problem.
>
> Thank you
>
> Roberto
>
Received on Fri Dec 02 2011 - 09:48:03 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST