[squid-users] [3.5x]: identd lookup made before proxy_protocol checking and failed [help]
David Touzeau
david at articatech.com
Fri Jan 6 12:14:47 UTC 2017
-----Message d'origine-----
De : squid-users [mailto:squid-users-bounces at lists.squid-cache.org] De la
part de Amos Jeffries
Envoyé : vendredi 6 janvier 2017 11:27
À : squid-users at lists.squid-cache.org
Objet : Re: [squid-users] [3.5x]: identd lookup made before proxy_protocol
checking and failed [help]
On 2017-01-06 22:12, David Touzeau wrote:
> Added in bugtrack
>
> http://bugs.squid-cache.org/show_bug.cgi?id=4657
>
>
> -----Message d'origine-----
> De : David Touzeau
>
> Hi,
>
> We need to use ident daemon in order to authenticate users.
>
> Squid works fine when computers are directly connected to the proxy.
>
> We have added HaProxy * * * Load-balancer * * * using *proxy_protocol*
> between users and 2 Squid proxies With the load balancer, squid want
> to query identd port directly on the load balancer but not on the
> client source IP address.
> If you see this piece of logs, you can see that the source client
> address is correctly understood by Squid but * * after * * the ident
> verification.
>
>
> How can i fix this behaviour ?
IDENT relies on using the exact random TCP port from the connection the
client opened to HAProxy being used as part of the IDENT connection back to
the client.
Since there is HAProxy between Squid and the client, Squid will be unable to
open the port already in use by the HAProxy client-connection.
So, HAProxy has to be the agent doing the IDENT lookup and sending the ident
info to Squid - probably as part of the PROXY wrapper.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi Amos,
It is more complicated to found a "load-balancer" that supports ident
lookup.
Are you considering this behaviour as a "Feature request" instead bug ?
More information about the squid-users
mailing list