[squid-users] help with reverse proxy sending user to peer
Amos Jeffries
squid3 at treenet.co.nz
Wed May 15 13:50:43 UTC 2019
On 15/05/19 12:09 pm, jmperrote wrote:
> hello I need a help to know it is posible with squid to pass the
> username autenticated on reverse proxy to the peer ?
>
Firstly, please be aware that the username you may see in proxy logs is
not required to be authenticated. In modern Squid it just has to be sent.
>
> The idea is that the webserver aplication can catch like POST method or
> similar the username logued and autenticated on reverse proxy-
>
You can use the request_header_add directive to add custom headers with
any information Squid has at the time those headers are generated for
delivery to the upstream peer/server.
<http://www.squid-cache.org/Doc/config/request_header_add/>
But ... which username?
"
ul User name from authentication
ue User name from external acl helper
ui User name from ident
un A user name. Expands to the first available name
from the following list of information sources:
- authenticated user name, like %ul
- user name supplied by an external ACL, like %ue
- SSL client name, like %us
- ident user name, like %ui
credentials Client credentials. The exact meaning depends on
the authentication scheme: For Basic authentication,
it is the password; for Digest, the realm sent by the
client; for NTLM and Negotiate, the client challenge
or client credentials prefixed with "YR " or "KK ".
"
Amos
More information about the squid-users
mailing list