Hi,
I would upgrade my Squid 3.1.16 to 3.2.5. Bug specified below (3132) is still open?
I already tried authentication through external acl using icap but It doesn't work. Bypassing icap, instead, I see username correctly.
In 3.1.x version I used the patch but in 3.2.x files' content are different? How can I resolve?
Thanks
Roberto
>>> Amos Jeffries <squid3_at_treenet.co.nz> 02/12/2011 8.54 >>>
On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote:
> Hi,
>
> I'm using Squid 3.1 and SquidGuard with success. Now I want to add SquidClamav 6.
>
> Versions 6.x need Icap and I didn't have problem to install.
>
> In my Squid configuration I use External ACL to get username from a script but enabling Icap I can't surf because user is empty (in access.log). However in my script log I see that Squid is using it.
>
> If I use simple authentication (auth_param basic ...) I get user and all work.
>
> Nevertheless I MUST use External ACL so I need help about this context.
The problem is that external_acl_type "user=" tag is not an
authenticated username. Just a label for logging etc. in the current Squid.
There is a temporary workaround patch available in the existing bug report:
http://bugs.squid-cache.org/show_bug.cgi?id=3132
You can use that while we continue to work on redesigning the auth
systems to handle this better.
>
> This is part of my configuration:
>
> squid.conf
> -------------------------------------------------
> (...)
> external_acl_type<name> children=15 ttl=7200 negative_ttl=60 %SRC %SRC<helper> <arguments>
> (...)
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_encode off
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 1024
> icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_resp allow all
> (...)
> -------------------------------------------------
>
> If you need other info, ask me without problem.
>
> Thank you
>
> Roberto
>
Received on Mon Dec 17 2012 - 15:03:55 MST
This archive was generated by hypermail 2.2.0 : Mon Dec 17 2012 - 12:00:04 MST