Re: [squid-users] Missing username on logs when using c-icap

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 23 Oct 2010 13:38:15 +1300

On 23/10/10 11:24, Carlos Xavier wrote:
> Hi Amos.
>
> Based on the information of the configuration o sent before do you think
> I am missing something
> or should I report it as a bug.
>
> Squid properly passes the user to c-icap but it seans to "forget" it is
> one authenticated request and dont set the username on the log.

Can't see anything obvious in the config.

  The proxy-auth headers are hop-by-hop. Which means Squid is expected
strip them when contacting any external server. We have a bug open
requesting that ICAP be extended with a login= parameter the same as
cache_peer. The X-Authenticated-User hack only passes the details for
ICAP logging, it does not do a return trip to Squid.

  I am suspecting that c-icap is re-writing the request and sending a
whole new one to Squid to be used instead of the original. But sans the
credentials which were not passed over.

  A workaround, if that is the case, will be for ICAP to use the
"continue" features of ICAP. Where it scans then sends a simple "use the
original, its fine" message back to Squid. I'm not sure right now what
the support levels of that are in either c-icap+clamav, your
url-rewriter, and Squid-3.1 (likely only fully working in 3.2).

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Sat Oct 23 2010 - 00:38:19 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 23 2010 - 12:00:04 MDT