Re: [squid-users] squid3 ICAP, whole LDAP dn in X-Authenticated-User

Fri, 11 Apr 2008 01:38:16 -0700 

On Thu, Apr 10, 2008 at 9:47 PM, Alex Rousskov
<[EMAIL PROTECTED]> wrote:

>  The above ICAP and HTTP headers are from a non-Squid proxy, right? What
>  confuses me is that earlier you said that Squid was sending:
>
>
>     X-Authenticated-User: test\r\n
>
>  yet I cannot find that header in Squid3 sources. Did you apply some
>  patches to teach Squid to emit that header?

No Alex, this packet was sent by Squiq (Squid3.0STABLE1 on ubuntu
server 8.04 beta).

"X-Authenticated-User" Was put by me in squid.conf customizing:

#  TAG: icap_client_username_header
#       ICAP request header name to use for send_client_username.
#
#Default:
# icap_client_username_header X-Client-Username
icap_client_username_header X-Authenticated-User

I've modified this TAG because I saw that username is inserted here by
Squid and my ICAP server was looking for the username in this field.
(if I understood the working method of the ICAP server and the meaning
of the TAG that I've modified).

You saw "X-Authenticated-User: dGVzdA==\r\n" instead of
"X-Authenticated-User: test\r\n" because the text was base64 encrypted
by Squid, but this is not a problem, in fact, the working non-Squid
proxy that i'm trying to replace with Squid, send user data in base64
encrypted method too.

Below you can find a packet sniffed with the non-Squid working proxy,
I hope that can help you.

Frame 7 (1419 bytes on wire, 1419 bytes captured)
Ethernet II, Src: xx:xx:xx:xx:xx:xx, Dst: xx:xx:xx:xx:xx:xx
Internet Protocol, Src: yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy), Dst:
zzz.zzz.zzz.zzz (zzz.zzz.zzz.zzz)
Transmission Control Protocol, Src Port: 27616 (27616), Dst Port: icap
(1344), Seq: 1, Ack: 1, Len: 1353
Internet Content Adaptation Protocol
        REQMOD icap://zzz.zzz.zzz.zzz:1344/icap ICAP/1.0\r\n
        Host: zzz.zzz.zzz.zzz:1344\r\n
        Encapsulated: req-hdr=0, null-body=1042\r\n
        X-Authenticated-User:
TERBUDovL2pqai5qamouampqLmpqajozODkvdWlkPXVzZXJuYW1lLG91PVBlb3BsZSxvPW15b2ZmaWNlLGRjPW15Y29tcGFueSxkYz1nbG9iYWw=\r\n
        X-Client-IP: aaa.aaa.aaa.aaa\r\n
        X-Server-IP: bbb.bbb.bbb.bbb\r\n
        Preview: 0\r\n
        \r\n
        GET 
http://ad.doubleclick.net/noidadj/N2263.rai_OMD/B2583491;sz=728x90;ord=bjwdyor,bdWzpjWxppKN?
HTTP/1.0\r\n
        Host: ad.doubleclick.net\r\n
        Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=\r\n
        Cookie: test_cookie=CheckForPermission\r\n
        Accept: */*\r\n
        Referer: 
http://www.televideo.rai.it/televideo/pub/pagina.jsp?pagina=315\r\n
        Accept-Language: it\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
        \r\n

Thanks
  Davide

Reply via email to