On 23/10/10 11:24, Carlos Xavier wrote:
> Hi Amos.
>
> Based on the information of the configuration o sent before do you think
> I am missing something
> or should I report it as a bug.
>
> Squid properly passes the user to c-icap but it seans to "forget" it is
> one authenticated request and dont set the username on the log.
Can't see anything obvious in the config.
The proxy-auth headers are hop-by-hop. Which means Squid is expected
strip them when contacting any external server. We have a bug open
requesting that ICAP be extended with a login= parameter the same as
cache_peer. The X-Authenticated-User hack only passes the details for
ICAP logging, it does not do a return trip to Squid.
I am suspecting that c-icap is re-writing the request and sending a
whole new one to Squid to be used instead of the original. But sans the
credentials which were not passed over.
A workaround, if that is the case, will be for ICAP to use the
"continue" features of ICAP. Where it scans then sends a simple "use the
original, its fine" message back to Squid. I'm not sure right now what
the support levels of that are in either c-icap+clamav, your
url-rewriter, and Squid-3.1 (likely only fully working in 3.2).
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2Received on Sat Oct 23 2010 - 00:38:19 MDT
This archive was generated by hypermail 2.2.0 : Sat Oct 23 2010 - 12:00:04 MDT