On Wed, 10 Feb 2010 14:05:14 +0000 (WET), Bruno Ricardo Santos <bvsantos@xxxxxxxxxxxxxxxx> wrote:
> X-Copyrighted-Material
>

Oh, lucky you did not add your "nobody is allowed to read this" disclaimer as well. I can finally answer this request without getting myself into trouble publicly... ;)

>
> Hi all!
>
> I'm having some trouble configuring squid with auth + dansguardian content
> filter.
>
> It's all configured, but when I try to browse, I get an error:
>
> Dansguardian 400
> URL malformed
>
> Does authentication (and dansguardian filter) only work with transparent
> proxy or do I have some configuration wrong?

Auth does NOT work against transparent proxies.

Is your Squid doing "transparent" NAT interception or TPROXY?

>
> If I configure the browser to access directly to the squid port,
> everything works perfect...

Yes. Good. Auth works in regular proxy configuration.

>
> The problem, as I see it, is about the IP dansguardian passes to squid.
> After a request, dansguardian gives squid the local machine IP.

Yes. IMHO the documented config with DG between the client and Squid is not as good as DG between Squid and the Internet.

Try reversing the order of the two, so that Squid is being contacted by the visitors, and DG does its filtering before Squid stores the replies.

>
> If I change some options in dansguardian, as originalip, I get the error
> above!

Which is produced by some error in DG. Nothing to do with Squid.

>
> I've tried messing around with the following options:
>
> forwardedfor
>
> usexforwardedfor
>
> and in squid
>
> follow_x_forwarded_for
>
> but I had no luck....

Auth is not directly related to the connecting IP unless you have turned on ACLs to limit the number of connections per IP. Doing so would block most of your users going through DG.

>
> Any idea?

Auth happens as a challenge reply to the requests which are not already authenticated. Whether they will work through DG depends on what type of authentication you are doing.

Amos
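
Added example, not part of the reply above or of either project's documentation: a squid.conf sketch of the reversed order suggested in the reply, with Squid as the explicit authenticating proxy that browsers are configured to use and DansGuardian as its parent. The helper path, password file, ports and the 127.0.0.1 address are assumptions to adapt to the local install.

```conf
# Explicit (non-intercepting) listener. Browsers are configured to use this
# port, so Squid can issue the 407 challenge and receive credentials.
http_port 3128

# Basic auth against an NCSA-style password file.
# ASSUMPTION: helper name and both paths vary by Squid version and distro.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm Proxy
auth_param basic credentialsttl 2 hours

# Only authenticated users may use the proxy; everything else is refused.
acl authed proxy_auth REQUIRED
http_access allow authed
http_access deny all

# Send every request on to DansGuardian instead of going direct.
# ASSUMPTION: DansGuardian listens on 127.0.0.1:8080 (its filterport).
# Squid does not pass the client's proxy credentials to a peer unless a
# login= option is set on this line, so none is set here.
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest default
never_direct allow all

# DansGuardian's own upstream (proxyip/proxyport in dansguardian.conf) must
# not point back at port 3128 above, or requests will loop.
```

Running `squid -k parse` after editing checks the file for syntax errors before Squid is reloaded.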