On 2017-01-06 22:12, David Touzeau wrote:
Added in bugtrack http://bugs.squid-cache.org/show_bug.cgi?id=4657 -----Message d'origine----- De : David Touzeau Hi, We need to use ident daemon in order to authenticate users. Squid works fine when computers are directly connected to the proxy. We have added HaProxy * * * Load-balancer * * * using *proxy_protocol* between users and 2 Squid proxies With the load balancer, squid want to query identd port directly on the load balancer but not on the client source IP address. If you see this piece of logs, you can see that the source client address is correctly understood by Squid but * * after * * the ident verification. How can i fix this behaviour ?
IDENT relies on using the exact random TCP port from the connection the client opened to HAProxy being used as part of the IDENT connection back to the client.
Since there is HAProxy between Squid and the client, Squid will be unable to open the port already in use by the HAProxy client-connection.
So, HAProxy has to be the agent doing the IDENT lookup and sending the ident info to Squid - probably as part of the PROXY wrapper.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
