On Thu, Apr 10, 2008 at 3:51 PM, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > However, if the X-Authenticated-User header is in the HTTP message, then > the patch you found is irrelevant as it only affects the ICAP headers. > Please double check and we will go from there. Alex, I suppose that the 'X-Authenticated-User' value are in the header. Here the packet sniffed: Frame 14 (674 bytes on wire, 674 bytes captured) Ethernet II, Src: xx:xx:xx:xx:xx:xx, Dst: xx:xx:xx:xx:xx:xx Internet Protocol, Src: yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy), Dst: zzz.zzz.zzz.zzz (zzz.zzz.zzz.zzz) Transmission Control Protocol, Src Port: 41770 (41770), Dst Port: icap (1344), Seq: 1, Ack: 1, Len: 608 Internet Content Adaptation Protocol REQMOD icap://zzz.zzz.zzz.zzz:1344/icap ICAP/1.0\r\n Host: zzz.zzz.zzz.zzz:1344\r\n Date: Wed, 09 Apr 2008 14:23:48 GMT\r\n Encapsulated: req-hdr=0, null-body=374\r\n Preview: 0\r\n Allow: 204\r\n X-Client-IP: aaa.aaa.aaa.aaa\r\n X-Authenticated-User: dGVzdA==\r\n \r\n GET http://www.google.it/ HTTP/1.1\r\n Accept: */*\r\n Accept-Language: it\r\n UA-CPU: x86\r\n Accept-Encoding: gzip, deflate\r\n User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)\r\n Host: www.google.it\r\n Proxy-Connection: Keep-Alive\r\n Cookie: PREF=ID=addad0d808abb98c:TM=1203945729:LM=1203945729:S=gzFdC17czTxX2ZL4\r\n Proxy-Authorization: Basic dGVzdDp0ZXN0\r\n \r\n I think that the expanded branch is ICAP header, isn't it? How can you decode, the user are "test" and "test" are his password. Squid has checked his credential on LDAP. Thanks Davide
