On Mon, 2008-04-07 at 13:09 +0200, Arno _ wrote: > I'm my configuration I have 2 bluecoat proxy talking to a webwasher via ICAP > to control the URL. > And I also have a squid 3.0 for my test and some special production purpose. > My squid is doing a limited authentication, using basic or none for some IP > range. I can't and don't want to do any other kind of authentication as I do > on the production proxy. > > So to be able to make it work with the ICAP server (webwasher in my case) I > need to send user name and user group to it so that I can control on the > Webwasher the URL accessed from the test user and some production server. > > Since on the current squid (3 stable 4) there is nothing to let me cheat with > the ICAP entry I decide to add some feature to it. > > I add the following ICAP option: > icap_fake_client_username: let me specifies the client username that has to > be put into the icap-client-username ICAP header, applied only if the > icap_send_client_username is set; no default. > > icap_client_group_header: let me create a header to be send into the ICAP > header, be default it's set to X-Client-Groups, and, for now, only used if > the next field is present > > icap_fake_client_group: let me specifies the client group that has to be put > into the icap-client-group ICAP header; no default. > > > TODO if possible: retrieve the client-group from the authentication > procedure, if done in NTLM, AD, LDAP or other method that will allow this > information. But I think it will need a lot of change > > > The change are made to the following file: > cf.data.pre > ICAP/ICAPConfig.h > ICAP/ICAPModXact.cc > > > Sound interesting ? > Someone willing to give me instruction on how to continue the job ? > Suggestion on way to improve it ?
Please file a bug report with your patches. That way they will not be forgotten and may be reviewed. It would also be great if you could ask on squid-users whether anybody ever felt the need to fake these ICAP headers. The patches are much more likely to be accepted if it is a common need. Thank you, Alex.
