[squid-users] help with reverse proxy sending user to peer
jmperrote
jmperrote at policia.rionegro.gov.ar
Thu May 16 14:56:16 UTC 2019
Hello again Amos, finally on my reverse-proxy a could deliver to the
upstream peer/server the data (username) that I need, using the directive
request_header_add X-Remote-User "%ul"
This is the user captured from authentication (%ul User name) and
validated for --> auth_param basic program auth.php
My helper auth.php go to a internal ldap for validate the user and the
helper say OK/ERR how response.
OK now I want to know it is posible to get or recover from the ldap an
attribute for later deliver this attribute to the peer server on same
way that I deliver on the header the username.
Regards,
El 16/5/19 a las 07:28, jmperrote escribió:
> Thanks a lot Amos, a try to use this for testing.
>
>
> Regards.
>
>
> El 16/5/19 a las 06:24, Amos Jeffries escribió:
>> On 16/05/19 3:26 am, jmperrote wrote:
>>> Hello Amos, we use
>>>
>>> --> auth_param basic program ...../.../auth.php
>>>
>>> for authenticate teh user to the reverse proxy.
>>
>> auth_param is full HTTP authentication. So the %ul code is what you need
>> to use in your custom header value for username from that helper.
>>
>>
>> The %ue is for the external_acl_type helpers output. "user name" is
>> different from "username" - the single space may seem pedantic but with
>> security the minor distinction can mean vast differences in risk.
>>
>> The label in %ue is authorized, but not guaranteed to be valid. Whereas
>> %ul is authenticated and thus guaranteed valid.
>>
>> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list