On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote:
Hi,
I'm using Squid 3.1 and SquidGuard with success. Now I want to add SquidClamav 6.
Versions 6.x need Icap and I didn't have problem to install.
In my Squid configuration I use External ACL to get username from a script but enabling Icap I can't surf because user is empty (in access.log). However in my script log I see that Squid is using it.
If I use simple authentication (auth_param basic ...) I get user and all work.
Nevertheless I MUST use External ACL so I need help about this context.
The problem is that external_acl_type "user=" tag is not an
authenticated username. Just a label for logging etc. in the current Squid.
There is a temporary workaround patch available in the existing bug report:
http://bugs.squid-cache.org/show_bug.cgi?id=3132
You can use that while we continue to work on redesigning the auth
systems to handle this better.
This is part of my configuration:
squid.conf
-------------------------------------------------
(...)
external_acl_type<name> children=15 ttl=7200 negative_ttl=60 %SRC %SRC<helper> <arguments>
(...)
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
(...)
-------------------------------------------------
If you need other info, ask me without problem.
Thank you
Roberto
