[squid-users] Login/Pass from squid to Squid

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 3 11:52:28 UTC 2016


On 3/11/2016 9:47 p.m., FredB wrote:
> Hello,
> 
> I wonder if Squid can pass different login/password to another, depending to an ACL ?
> I mean: 
> 
> 1) a client connected to Squid without any identification helper like ntlm, basic, etc ...
> 2) an ACL like IP src, or browser, header, ... forward the request to an another squid with a login/passwd, but the login is different for each match (IP A = user1, IP B = user2, etc)
> 3) the second squid match login an allow the request
> 
> I can do something like that ?

Authentication credentials represent and verify the identity of your
proxy. That is a fixed thing so why would the credentials used to verify
that static identity need to change?

NP: Proxy-auth is not related to the message itelf, but to the transport
mechanism. Do not confuse the identity of the proxy/sender with the
traffic flowing through it from other sources.

That said, you can use request_header_add to add whatever headers you
like to upstream requests. Even proxy-auth headers. You just cant easily
handle any 407 which result from that when the credentials are not
accepted. So the ACL you use better be 100% accurate when it matches.

Amos



More information about the squid-users mailing list