The biggest problem here is that authentication is not compatible with transparent redirection (http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.16). Fix that minor issue, and authentication will give you a one-to-one relationship between requests and surfers.
An other option would be to have a squid server in each of the three offices transparently intercepting requests and forward those requests to the main squid server. I think there's a patch to use the "X-Forwarded-For" IP in the logs. Then again, that's adding a lot of complexity. Perhaps a better method would be to push the natting outside of the squid server. Keep the private networks, but route them instead of natting them. Use NAT at the internet gateway. Again, a complex solution, but possibly the most elegant. Chris -----Original Message----- From: Matthew J. Brown [mailto:[EMAIL PROTECTED] Sent: Thursday, January 20, 2005 11:12 AM To: [email protected] Subject: [squid-users] Authentication Greetings, I'm the systems administrator for 3 offices all located within one building. Each office has their own private network and every request out to port 80 from the network is forced through Squid via iptables/portforwarding. Here's my question. Given that each office has their own private network, Squid only sees the IP address of the routers and not of each individual client IP. What I would like is to be able to log a client ip/username/machine name/something along with the http request. I've been playing around with Squid authentication but have not had much luck getting it to work. Would this even accomplish my goal? If so, how does one turn on authentication within Squid? I've compiled the basic module and enabled everything I believe there is to be enabled according to the Squid docs.. I've configured my ACL's according to what I've read on the web and when I turn it all on, I get "Access denied", rather than a prompt to login. Any help is appreciated. Thanks! - Matt -- This message has been scanned for viruses and dangerous content and is believed to be clean.
