Re: [squid-users] squid + dansguardian + auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Feb 2010 10:38:38 +1300

On Wed, 17 Feb 2010 09:49:03 +0000 (WET), Bruno Santos
<bvsantos_at_hal.min-saude.pt> wrote:
> X-Copyrighted-Material
>
> Hi !
>
> No, i don't have those enabled. I'm using LDAP auth in squid (although
> i've enabled proxy-digest.conf in dansguardian)
>
> The problem here is the following:
>
> When the request reaches dansguardian, the machine IP who made the
request
> is correct.
> When dansguardian passes the request to squid, it goes with the local
> machine IP (127.0.0.1) and squid denies the request....
> I've been messing around with the following dansguardian options:
> forwardedfor, usexforwardedfor and originalip
>
> Any hints ?
>

!) This is how software chaining at OSI level-7 works.
DG is running on machine at 127.0.0.1, therefore requests coming to Squid
are arriving from ...

With "follow_x_forwarded_for" set in Squid to trust DG on 127.0.0.1 and DG
adding the XFF header properly Squid should be able to locate the real
client IP in there and use that according to all the *_uses_indirect_client
config settings.

Amos
Received on Wed Feb 17 2010 - 21:38:52 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 18 2010 - 12:00:06 MST