[squid-users] help with reverse proxy sending user to peer

Amos Jeffries squid3 at treenet.co.nz
Wed May 15 13:50:43 UTC 2019


On 15/05/19 12:09 pm, jmperrote wrote:
> hello I need a help to know it is posible with squid to pass the
> username autenticated on reverse proxy to the peer ?
> 

Firstly, please be aware that the username you may see in proxy logs is
not required to be authenticated. In modern Squid it just has to be sent.


> 
> The idea is that the webserver aplication can catch like POST method or
> similar the username logued and autenticated on reverse proxy-
> 

You can use the request_header_add directive to add custom headers with
any information Squid has at the time those headers are generated for
delivery to the upstream peer/server.
  <http://www.squid-cache.org/Doc/config/request_header_add/>

But ... which username?

"
    ul	User name from authentication
    ue	User name from external acl helper
    ui	User name from ident
    un	A user name. Expands to the first available name
	from the following list of information sources:
	- authenticated user name, like %ul
	- user name supplied by an external ACL, like %ue
	- SSL client name, like %us
	- ident user name, like %ui

  credentials   Client credentials. The exact meaning depends on
		the authentication scheme: For Basic authentication,
		it is the password; for Digest, the realm sent by the
		client; for NTLM and Negotiate, the client challenge
		or client credentials prefixed with "YR " or "KK ".
"


Amos


More information about the squid-users mailing list