Re: [squid-users] Does squid support X-Forwarded-User

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 03 Jul 2013 09:51:33 +1200

On 3/07/2013 9:39 a.m., Alex Rousskov wrote:
> On 07/02/2013 03:00 PM, Amos Jeffries wrote:
>> On 3/07/2013 1:26 a.m., Alex Rousskov wrote:
>>> On 07/02/2013 02:34 AM, Amos Jeffries wrote:
>>>> On 2/07/2013 6:33 p.m., Blason wrote:
>>>>> I know squid support X-Forwarded-For but keen to know if I can use
>>>>> X-Forwarded-User so that user authenticated with Proxy can have
>>>>> filtering
>>>>> done on other Application Control box placed in front of Proxy. And
>>>>> Proxy can only be used for caching functionality
>>>> No.
>>> I have not tested it, but is not X-Forwarded-User supported via
>>> request_header_add with an appropriate logformat macro in the value?
>> Only for sending. The question was about support for receiving and
>> interpreting.
>
> I probably interpreted "in front" the wrong way, sorry. Well, Squid can
> certainly receive that header and a Squid helper or adapter can
> interpret it, even providing authentication-like capability if needed.
>
> Please note that I am not trying to defend the use of that header for
> anything, just indicating that some related functionality is available
> even though Squid itself does not treat X-Forwarded-User specially.

Whereas like I initially said a frontend which can add headers is far
better off adding Proxy-Authorization with the relevant details. Squid
will then support it properly and help detect any dangerous collisions
with the two headers.

Amos
Received on Tue Jul 02 2013 - 21:51:42 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 03 2013 - 12:00:12 MDT