I've looked through the FAQs, scoured the net, read through the O'Reilly book, "Squid: The Definitive Guide", and played around quite a bit with Squid. Here's what I'd like to do:

Use Squid as a reverse proxy in our DMZ zone to give LDAP-authenticated users access to multiple back-end web servers. Additionally, I'd like the connection from the proxy to the end users to be an SSL connection. On Linux I compiled and installed openssl-devel and openldap-devel to get the library and header files for both, and compiled Squid with the --enable-ssl and --enable-basic-auth-helpers=LDAP parameters. Squid installed fine. I also got squidGuard as a redirector and have that functioning OK.

When I try to use the LDAP authentication I get an error saying "authentication not applicable on accelerated requests". I did find some messages on the web saying to first compile Squid, then alter the Makefile with the line "DEFINES = DAUTH_ON_ACCELERATION", and then to make clean and make install. I did that but still get the same error. I'm using Squid 2.5 Stable 5. The messages I saw mentioning this hidden value of DEFINES pertained to earlier versions of Squid, so maybe it doesn't work with Squid 2.5-5. None of the messages explained where to put this DEFINES line, so I put it up fairly high within the Makefile, right above the "INSTALL = /usr/bin/install" line. Can I do the above, where is there help for this, and will it pass the LDAP username to the web applications?

One of the web servers is set up like a portal, with the server itself doing LDAP authentication and controlling content based on the username, which is matched to a profile within a database the web server uses. This authentication is done on the back-end network though, and it would be better to have this authentication occur further away from the back-end network. I also appear to be stuck trying to define a self-signed cert and not have Squid check with an authenticating server. I've seen some vague messages concerning this, which most likely explains why I can't get the cert to work either. As an accelerated proxy, without LDAP and SSL, it works great with squidGuard.

One problem with SSL and squidGuard is figuring out the ACL lists. I end up looking for website.com:443/site2 on the back-end server after the conversion and don't want the 443 port in there.

Chris Perreault
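For readers trying the same setup, here is a constructed Squid 2.5-style squid.conf fragment that puts the pieces from the post together (TLS listener with a self-signed cert, the 2.5 httpd_accel_* accelerator directives, squidGuard as redirector, and the LDAP basic-auth helper). It is an added example, not the poster's configuration; all hostnames, paths, DNs and the backend network are placeholders, and as the post notes, proxy_auth on accelerated requests in 2.5 still depends on the build being done with the AUTH_ON_ACCELERATION define.

```conf
# Constructed example for Squid 2.5 (not the poster's config); every host,
# path and DN below is a placeholder to adapt.

# TLS towards the browsers. Self-signed cert/key pair, created beforehand with e.g.:
#   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
#     -keyout /usr/local/squid/etc/squid.key -out /usr/local/squid/etc/squid.crt
# Squid only serves this cert; it does not verify it against a CA, so no
# "authenticating server" is involved for the listener.
https_port 443 cert=/usr/local/squid/etc/squid.crt key=/usr/local/squid/etc/squid.key

# Squid 2.5 accelerator (reverse proxy) directives. "virtual" picks the backend
# from the Host: header, so several back-end servers can sit behind one proxy.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy off

# squidGuard as redirector (Squid 2.5 name for what 2.6 calls url_rewrite_program)
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 5

# Basic auth against LDAP with the helper built by --enable-basic-auth-helpers=LDAP.
# -b: search base, -f: filter with %s replaced by the login name, -h: LDAP server.
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "ou=people,dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm DMZ portal
auth_param basic credentialsttl 2 hours

# Only authenticated users may reach the back-end network (constructed 10.0.0.0/24).
acl ldap_users proxy_auth REQUIRED
acl backends dst 10.0.0.0/24
http_access allow ldap_users backends
http_access deny all
```

Because this is an accelerator, Squid challenges the browser with a 401/WWW-Authenticate rather than the 407 used for forward proxies, which is exactly the case Squid 2.5 refuses with "authentication not applicable on accelerated requests" unless built with that define.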
