Hi, I would upgrade my Squid 3.1.16 to 3.2.5. Bug specified below (3132) is still open? I already tried authentication through external acl using icap but It doesn't work. Bypassing icap, instead, I see username correctly. In 3.1.x version I used the patch but in 3.2.x files' content are different? How can I resolve? Thanks Roberto >>> Amos Jeffries <squid3@xxxxxxxxxxxxx> 02/12/2011 8.54 >>> On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote: > Hi, > > I'm using Squid 3.1 and SquidGuard with success. Now I want to add SquidClamav 6. > > Versions 6.x need Icap and I didn't have problem to install. > > In my Squid configuration I use External ACL to get username from a script but enabling Icap I can't surf because user is empty (in access.log). However in my script log I see that Squid is using it. > > If I use simple authentication (auth_param basic ...) I get user and all work. > > Nevertheless I MUST use External ACL so I need help about this context. The problem is that external_acl_type "user=" tag is not an authenticated username. Just a label for logging etc. in the current Squid. There is a temporary workaround patch available in the existing bug report: http://bugs.squid-cache.org/show_bug.cgi?id=3132 You can use that while we continue to work on redesigning the auth systems to handle this better. > > This is part of my configuration: > > squid.conf > ------------------------------------------------- > (...) > external_acl_type<name> children=15 ttl=7200 negative_ttl=60 %SRC %SRC<helper> <arguments> > (...) > icap_enable on > icap_send_client_ip on > icap_send_client_username on > icap_client_username_encode off > icap_client_username_header X-Authenticated-User > icap_preview_enable on > icap_preview_size 1024 > icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav > adaptation_access service_req allow all > icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav > adaptation_access service_resp allow all > (...) > ------------------------------------------------- > > If you need other info, ask me without problem. > > Thank you > > Roberto >
