Greetings, I am configuring a Squid/Dansguardian web proxy/content filter. The flow of traffic looks like this: Client --> Proxy:8080 (Dansguardian) --> 127.0.0.1:3128 (Squid running on Proxy) --> Edge firewall The relevant portions of squid.conf follow: ================================================================================== acl localnet src 10.0.0.0/8 # Authentication ACLs # Allow ident lookups on internal clients #ident_lookup_access allow localnet ident_lookup_access allow localnet ident_lookup_access deny all # Allow clients with IDENT acl ident_auth ident REQUIRED # If they don't have ident login restrict access to authorized via ldap acl ldap_auth proxy_auth REQUIRED # Attempt ident, then LDAP/basic authentication. Note that Squid is only listening on 127.0.0.1:3128, so the following lines are to support acl_uses_indirect_client http_access allow ip_authenticated http_access allow ident_auth localnet http_access allow ldap_auth localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # OPTIONS FOR X-Forwarded-For # ----------------------------------------------------------------------------- # Allow Squid to see Dansguardian IP addresses follow_x_forwarded_for allow localhost follow_x_forwarded_for deny all # NETWORK OPTIONS # ----------------------------------------------------------------------------- # Listen only to Dansguardian http_port 127.0.0.1:3128 ================================================================================== I am attempting to configure Squid to authenticate with ident, but it seems that the 'follow_x_forwarded_for allow localhost' is not being honored by the ident authenticator. Is there any way to configure Squid to send the ident queries to the originating client? I have confirmed that follow_x_forwarded_for is functional for other things (logging of client IP addresses for example), and that ident queries are being responded to by the clients. Squid is simple never asking for ident and is skipping directly to LDAP/Basic authentication. Thanks in advance for any help you may provide, Ben Miller 6 X 9 = 42