Re: CONNECT method support(for https) using squid3.1.0.6 + tproxy4

Mikio Kishi <mkishi@xxxxxxx> · Sun, 28 Mar 2010 21:14:54 +0900

Hi, Amos

I'm sorry in the old topic.
In this case, I'd also like to use authentication.
So,

- auth/Acl.cc
>int
>AuthenticateAcl(ACLChecklist *ch)
>{
>    ACLFilledChecklist *checklist = Filled(ch);
>    HttpRequest *request = checklist->request;
>    http_hdr_type headertype;
>
>    ... snip ...
>    } else if (request->flags.intercepted || request->flags.spoof_client_ip) {
>        debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests.");
>        return -1;
>    }
>    ... snip ...
>}

Would you remove "request->flags.spoof_client_ip" from above ?
I hope the following.

>int
>AuthenticateAcl(ACLChecklist *ch)
>{
>    ACLFilledChecklist *checklist = Filled(ch);
>    HttpRequest *request = checklist->request;
>    http_hdr_type headertype;
>
>    ... snip ...
>    } else if (request->flags.intercepted) {    <--------
>        debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests.");
>        return -1;
>    }
>    ... snip ...
>}

Sincerely,

--
Mikio Kishi

On Sat, Apr 25, 2009 at 10:44 PM, Mikio Kishi <mkishi@xxxxxxx> wrote:
> Hi, Amos
>
>> Added to Squid-3.
>
> I'd really really appreciate !
>
> Sincerely,
>
> --
> Mikio Kishi
>
> On Fri, Apr 24, 2009 at 1:20 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> Mikio Kishi wrote:
>>>
>>> Hi, Amos
>>>
>>>> Ah, you need the follow_x_forwarded_for feature on Proxy(1).
>>>
>>> That's right, I know about that, but I'd like to use "source address
>>> spoofing"...
>>>
>>> Just only following enables my anxiety.
>>>
>>> replacing In tunnelStart()#tunnel.cc
>>>
>>>>   sock = comm_openex(SOCK_STREAM,
>>>>                      IPPROTO_TCP,
>>>>                      temp,
>>>>                      COMM_NONBLOCKING,
>>>>                      getOutgoingTOS(request),
>>>>                      url);
>>>
>>> with
>>>
>>>>   if (request->flags.spoof_client_ip) {
>>>>       sock = comm_openex(SOCK_STREAM,
>>>>                          IPPROTO_TCP,
>>>>                          temp,
>>>>                          (COMM_NONBLOCKING|COMM_TRANSPARENT),
>>>>                          getOutgoingTOS(request),
>>>>                          url);
>>>>   } else {
>>>>       sock = comm_openex(SOCK_STREAM,
>>>>                          IPPROTO_TCP,
>>>>                          temp,
>>>>                          COMM_NONBLOCKING,
>>>>                          getOutgoingTOS(request),
>>>>                          url);
>>>>   }
>>>
>>> I think it has no harmful effects. I long for that.
>>> Would you modify that ?
>>>
>>> Sincerely,
>>>
>>> --
>>> Mikio Kishi
>>
>> Added to Squid-3.
>>
>> Amos
>> --
>> Please be using
>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>>  Current Beta Squid 3.1.0.7
>>
>