Gabriele Gabriele wrote:
Hi to all, this is my first time here,
I need an help to configure my
squid 3.1.3
I show you my problem:
I have 2 squid proxy, one is
internal end one is external, the external is cache_peer for the
internal. On the internal squid I have the ntlm authentication,
bit hard to understand that text does it mean this?
Client --NTLM--> Proxy 1 --> Proxy 2 --> Internet
So I
have to pass from the internal to external the client ip source and the
username of the authenticated user.
By:
"forwarded_for on
follow_x_forwarded_for
allow all"
... by opening an Extremely unsafe security hole...
in squid.conf I succes to send the Client ip source in
the header from internal to external
But I'm not able to send by
header the "X-Authenticated-User" to the external. ( I hope
Yes. It's an ICAP special header.
X-Authenticathed-User is the right way )
I can't use ICAP, so some
Yes ICAP is not the right technology.
body can help me?
thanks
To pass the client IP securely between the proxies you need to configure
this:
Proxy 1 squid.conf:
forwarded_for on
Proxy 2 squid.conf:
acl proxy1 src <ip-of-proxy-1>
follow_x_forwarded-for allow proxy1
follow_x_forwarded-for deny all
Logging in to two different proxies simultaneously with one action is
quite hard.
Instead you can setup the authentication at proxy2 and use the
cache_peer login=PASS option at proxy1.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.3
