Re: [squid-users] squid + dansguardian + auth

From: Bruno Santos <bvsantos_at_hal.min-saude.pt>
Date: Mon, 1 Mar 2010 09:22:46 +0000 (WET)

Hi !

Thanks for the reply.

No! I've managed to sort it out.

I've downloaded the source rpm for squid 3.1.0.16, of Fedora Core 14, and built an RPM from it. Installed it, along with dansguardian 2.10.1.1, compiled from source with these options:
--enable-email --with-proxygroup=squid --with-proxyuser=squid --with-logdir=/var/log/ --enable-pcre (without the --original-ip: I guess this one only matters if squid is going to be transparent)

Next, I've enabled the following options in squid.conf (along with others, but I think these are the important ones here):

acl_uses_indirect_client on

follow_x_forwarded_for allow localhost

In dansguardian, I guess the important ones are:

forwardedfor = on
usexforwardedfor = on

After this, everything went OK and I now have dansguardian with squid and LDAP authentication!

Cheers,

Bruno Santos

----- Original Message -----
From: "Jose Ildefonso Camargo Tolosa" <ildefonso.camargo_at_gmail.com>
To: "Bruno Santos" <bvsantos_at_hal.min-saude.pt>
Sent: Saturday, February 27, 2010 12:11:24 AM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: [squid-users] squid + dansguardian + auth

Hi!

Sorry about the delay, do you still have the problem?

Ildefonso

On Wed, Feb 17, 2010 at 5:19 AM, Bruno Santos <bvsantos_at_hal.min-saude.pt> wrote:
> Hi !
>
> No, I don't have those enabled. I'm using LDAP auth in squid (although I've enabled proxy-digest.conf in dansguardian)
>
> The problem here is the following:
>
> When the request reaches dansguardian, the IP of the machine that made the request is correct.
> When dansguardian passes the request to squid, it goes with the local machine IP (127.0.0.1) and squid denies the request....
> I've been messing around with the following dansguardian options:
> forwardedfor, usexforwardedfor and originalip
>
> Any hints ?
>
> I have another squid + dansguardian installation with transparent proxy and everything is working just fine...
>
> Cheers,
>
> Bruno Santos
>
>
> ----- Original message -----
> From: "Jose Ildefonso Camargo Tolosa" <ildefonso.camargo_at_gmail.com>
> To: "squid-users" <squid-users_at_squid-cache.org>
> Sent: Monday, 15 February 2010 17:45:35 GMT +00:00 Greenwich Mean Time, Ireland, Portugal
> Subject: Re: [squid-users] squid + dansguardian + auth
>
> Hi!
>
> I really don't understand why you people are so insistent on the
> "x-forwarded-for" thing..... it has nothing to do with authentication,
> unless you use IP as part of your ACLs, of course.
>
> Now, I repeat:
>
> authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
> authplugin = '/etc/dansguardian/authplugins/proxy-digest.conf'
> authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
>
> That's an excerpt from the dansguardian.conf file.  Do you have these enabled?
>
> I hope this helps,
>
> Ildefonso Camargo
>
> On Mon, Feb 15, 2010 at 5:47 AM, Bruno Santos <bvsantos_at_hal.min-saude.pt> wrote:
>> Hi !
>>
>> Yes, I was careful to check in the SPEC file to see if there was such an option and it is present:
>> --enable-follow-x-forwarded-for
>>
>> The problem, I guess, is that when dansguardian forwards the IP to squid, instead of giving the original IP, it goes with the local IP.
>> But, with other options enabled, I get an html response - 400 bad request..
>
> --
>
>        Use OpenSource Software
> Human knowledge belongs to the world
>        Bruno Santos
> bvsantos_at_hal.min-saude.pt
> Tel: +351 962 753 053
>        Divisão de Informática
> informatica_at_hal.min-saude.pt
> Tel: +351 272 000 155
> Fax: +351 272 000 257
>        Unidade Local de Saúde de Castelo Branco, E.P.E.
> geral_at_hal.min-saude.pt
> Tel: +351 272 000 272
> Fax: +351 272 000 257
>
> Linux registered user #349448
>
> LPIC-1 Certification

Received on Mon Mar 01 2010 - 09:22:59 MST
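
How squid arrives at the client address once the settings discussed in this thread are in place, as an added example that is not part of the original messages: a small Python model of the right-to-left X-Forwarded-For walk that follow_x_forwarded_for performs, run with trust limited to localhost and, for contrast, with trust given to every address. The function name, the sample addresses and the assumption that dansguardian appends the address it saw to any header the client sent are illustrative.

```python
import ipaddress

# Equivalent of "follow_x_forwarded_for allow localhost" from the thread.
LOCAL_ONLY = ["127.0.0.1/32", "::1/128"]
# Over-broad trust, shown only for contrast (hypothetical misconfiguration).
TRUST_ALL = ["0.0.0.0/0", "::/0"]


def indirect_client(peer, xff_header, trusted_nets):
    """Return the address that IP-based ACLs would be evaluated against.

    Start at the TCP peer. While the current address is trusted, step to
    the next X-Forwarded-For entry from the right; stop at the first
    address that is not trusted or when the header is exhausted.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    entries = [e.strip() for e in xff_header.split(",") if e.strip()]
    current = ipaddress.ip_address(peer)
    while entries and any(current in net for net in trusted):
        candidate = entries.pop()
        try:
            current = ipaddress.ip_address(candidate)
        except ValueError:
            break  # simplification in this sketch: ignore unparsable entries
    return str(current)


def demo():
    # Constructed sample requests; squid's TCP peer is always dansguardian.
    return {
        # No header forwarded: squid only sees 127.0.0.1 (the original problem).
        "no_header": indirect_client("127.0.0.1", "", LOCAL_ONLY),
        # Header forwarded by dansguardian: the real client is recovered.
        "forwarded": indirect_client("127.0.0.1", "10.1.2.3", LOCAL_ONLY),
        # Client 10.1.2.3 supplied its own entry; localhost-only trust ignores it.
        "forged_local_only": indirect_client(
            "127.0.0.1", "192.0.2.9, 10.1.2.3", LOCAL_ONLY),
        # Same request with every hop trusted: the client-chosen value wins.
        "forged_trust_all": indirect_client(
            "127.0.0.1", "192.0.2.9, 10.1.2.3", TRUST_ALL),
    }


if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case:18} -> {addr}")
```

Keeping follow_x_forwarded_for limited to the address dansguardian connects from is what makes the recovered address usable in IP-based ACLs.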

This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 12:00:03 MST