The Authentication in only on the internal proxy, in the external I need to have IP of the client and the username for some acl. So I think I need this information on the Header. ---------------------------------------- > Date: Thu, 27 May 2010 22:51:53 +1200 > From: squid3@xxxxxxxxxxxxx > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: problem 2 squid version 3.1.3 X-Authenticated-User > > Gabriele Gabriele wrote: >> Hi to all, this is my first time here, >> I need an help to configure my >> squid 3.1.3 >> I show you my problem: >> I have 2 squid proxy, one is >> internal end one is external, the external is cache_peer for the >> internal. On the internal squid I have the ntlm authentication, > > bit hard to understand that text does it mean this? > > Client --NTLM--> Proxy 1 --> Proxy 2 --> Internet > > >> So I >> have to pass from the internal to external the client ip source and the >> username of the authenticated user. >> >> By: >> "forwarded_for on >> follow_x_forwarded_for >> allow all" > > ... by opening an Extremely unsafe security hole... > >> in squid.conf I succes to send the Client ip source in >> the header from internal to external >> But I'm not able to send by >> header the "X-Authenticated-User" to the external. ( I hope > > Yes. It's an ICAP special header. > >> X-Authenticathed-User is the right way ) >> I can't use ICAP, so some > > Yes ICAP is not the right technology. > >> body can help me? >> thanks >> > > To pass the client IP securely between the proxies you need to configure > this: > > Proxy 1 squid.conf: > > forwarded_for on > > > Proxy 2 squid.conf: > > acl proxy1 src > > follow_x_forwarded-for allow proxy1 > follow_x_forwarded-for deny all > > > > Logging in to two different proxies simultaneously with one action is > quite hard. > > Instead you can setup the authentication at proxy2 and use the > cache_peer login=PASS option at proxy1. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.3 _________________________________________________________________ MSN ti offre esattamente quello che cerchi: il tuo browser personale http://www.pimpit.it/ie8msn/
