[squid-users] Pseudo proxy authentication (mapping of IP address to user name) in intercept mode.

Rafael Akchurin rafael.akchurin at diladele.com
Tue Oct 17 09:39:25 UTC 2017


Hello everyone,

I would like to get your opinions on the subject.

Problem: admin needs to manage squid acls (and icap web filter settings) using security groups from Active Directory. For non-technical reasons, setup of explicit proxy settings and thus enforcing proxy authentication on Squid is not possible.

Solution:


1.      Deploy some agent on domain controller that would periodically enumerate workstation IPs and get currently logged on users by WMI or something like this. This is fine and already working in our project at https://github.com/diladele/active-directory-inspector

2.      Let Squid somehow use the remote running inspector to match the IP address to user names (and expose the user name to ICAP eventually). May be anyone knows the type of helper/acl/annotation that needs to be in running/configured on the Squid box?

Thanks for anyone responding.

Best regards,
Rafael Akchurin
Diladele B.V.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171017/2c286d33/attachment-0001.html>


More information about the squid-users mailing list