Search squid archive

Passing ident information as proxy_auth user to upstream cache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all.

I have need to do this type of caching/filtering:

Internal Network --> squid1 --> Dansguardian --> squid2 --> Internet

I would like to have squid enforce this type of ACL policy:

1. If squid1 can do an ident lookup and the ident username is OK, allow access. 2. If squid1 can not do an ident lookup, prompt for authentication via PAM against LDAP. 3. Either way, pass the username credential upstream to Dansguardian so that it may determine filter lists based on the supplied name.

I have already setup 1 and 2 and they work as expected. Squid1 will pass the prompted authentication upstream to DG but if squid1 applies the ident ACL, that information is not seen/understood by the upstream DG.

I have tried to have DG do a seperate ident lookup when it receives the request but even with x-forwarded headers it tries to do the ident lookup to the actual request source (the squid server, not the original client).

Since this option did not work, I thought that maybe there was a way to get squid to pass the ident information upstream as if it was a basic_auth username. This would solve my problem.

The basic idea is to apply separate filter lists in dansguardian based on a username (determined from either ident or failing that basic_auth).

Any suggestions?

Thanks, Al

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux