On Thu, Apr 10, 2008 at 9:47 PM, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > The above ICAP and HTTP headers are from a non-Squid proxy, right? What > confuses me is that earlier you said that Squid was sending: > > > X-Authenticated-User: test\r\n > > yet I cannot find that header in Squid3 sources. Did you apply some > patches to teach Squid to emit that header? No Alex, this packet was sent by Squiq (Squid3.0STABLE1 on ubuntu server 8.04 beta). "X-Authenticated-User" Was put by me in squid.conf customizing: # TAG: icap_client_username_header # ICAP request header name to use for send_client_username. # #Default: # icap_client_username_header X-Client-Username icap_client_username_header X-Authenticated-User I've modified this TAG because I saw that username is inserted here by Squid and my ICAP server was looking for the username in this field. (if I understood the working method of the ICAP server and the meaning of the TAG that I've modified). You saw "X-Authenticated-User: dGVzdA==\r\n" instead of "X-Authenticated-User: test\r\n" because the text was base64 encrypted by Squid, but this is not a problem, in fact, the working non-Squid proxy that i'm trying to replace with Squid, send user data in base64 encrypted method too. Below you can find a packet sniffed with the non-Squid working proxy, I hope that can help you. Frame 7 (1419 bytes on wire, 1419 bytes captured) Ethernet II, Src: xx:xx:xx:xx:xx:xx, Dst: xx:xx:xx:xx:xx:xx Internet Protocol, Src: yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy), Dst: zzz.zzz.zzz.zzz (zzz.zzz.zzz.zzz) Transmission Control Protocol, Src Port: 27616 (27616), Dst Port: icap (1344), Seq: 1, Ack: 1, Len: 1353 Internet Content Adaptation Protocol REQMOD icap://zzz.zzz.zzz.zzz:1344/icap ICAP/1.0\r\n Host: zzz.zzz.zzz.zzz:1344\r\n Encapsulated: req-hdr=0, null-body=1042\r\n X-Authenticated-User: TERBUDovL2pqai5qamouampqLmpqajozODkvdWlkPXVzZXJuYW1lLG91PVBlb3BsZSxvPW15b2ZmaWNlLGRjPW15Y29tcGFueSxkYz1nbG9iYWw=\r\n X-Client-IP: aaa.aaa.aaa.aaa\r\n X-Server-IP: bbb.bbb.bbb.bbb\r\n Preview: 0\r\n \r\n GET http://ad.doubleclick.net/noidadj/N2263.rai_OMD/B2583491;sz=728x90;ord=bjwdyor,bdWzpjWxppKN? HTTP/1.0\r\n Host: ad.doubleclick.net\r\n Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=\r\n Cookie: test_cookie=CheckForPermission\r\n Accept: */*\r\n Referer: http://www.televideo.rai.it/televideo/pub/pagina.jsp?pagina=315\r\n Accept-Language: it\r\n User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n \r\n Thanks Davide