[squid-users] access_log, squid and NTLM : HaProxy

From: David Touzeau <david.touzeau_at_fr.kaspersky.com>
Date: Tue, 11 Dec 2012 11:41:59 +0100

Dear
Im using HaProxy in order to balance with 2 squids 3.2x connected to
Active Directory with NTLM
The NTLM is correctly forwarded to the Squid.
But in access_log, squid did not write the NTLM session username.
in debug mode, i correctly see NTLM forwarded by HaProxy

eg:
Host: www.google-analytics.com
Proxy-Connection: keep-alive
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAJAAAAAsASwBqAAAABIAEgBYAAAAEAAQAGoAAAAWABYAegAAAAAAAADUAQAABYKIogYC8CMAAAAPHk8Ya0Be7brddwFRGwsVREEARgBFAE8ATgBMAEkATgBFAGQAdABvAHUAegBlAGEAdQAyADUAMgBEADgAMAAxAFQAQQBPAEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV+knjgSCxCFS6pn9EnoeWQEBAAAAAAAAlojs7RzXzQGZ+wOfrEADZwAAAAACABIAQQBGAEUATwBOAEwASQBOAEUAAQAWADAAMAAwAFMATAAwADQAUABSAE8AWAAEABoAYQBmAGUAbwBuAGwAaQBuAGUALgBuAGUAdAADADIAMAAwADAAUwBMADAANABQAFIATwBYAC4AYQBmAGUAbwBuAGwAaQBuAGUALgBuAGUAdAAIADAAMAAAAAAAAAAAAAAAACAAAK6dfzwK8q0yctw3nb8Es7vizb1e17w0TPPsIlbX/BvHCgAQAAAAAAAAAAAAAAAAAAAAAAAJACgASABUAFQAUAAvADEAMAAuADMAMgAuADAALgAyADAAOgAzADEAMgA4AAAAAAAAAAAA
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.11
(KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
Accept: */*
Referer: http://www.google.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

When connecting browsers directly to the squid, usernames are correctly
written to access_log

Why Squid did not write members in access_log when using HaProxy load
balancer ?
Best regards 

--
Received on Tue Dec 11 2012 - 10:42:09 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 11 2012 - 12:00:05 MST