2 Replies Latest reply on Sep 6, 2017 9:59 AM by malefunk

    Lookup Username From "Proxy-Authorization: Basic" Header

    malefunk

      I want to implement userbased access control, but we are using (internal & external) Squid Proxys for authentication.

      So i thought the predefined ruleset from the title would work perfectly when let the squid forward the authentication data ( Username + fixed PW).

       

      I only have one problem, and can't find solution : HTTPS

      The CONNECT request comes with the proxy-authorization header as expected, but the MWG ruleset parses everey internal request over the tunnel,

      and the internal requests (logically) don't have the header!

      I tried to find a way to save the username from the CONNECT for the following request, for example by setting Authenticated.Username Property,

      but it's only used for one request/response cycle.

      What annoys me that it works for x-forwarde-for header which is also only sent in the CONNECt but persistent in the client.ip value, but maybe that's because it is programmed... :/

       

      Easiest way i thought would be to update a MapType List with IP as Index and username as value, but i could not find a way to write/update a List persistently.

      I can only use Map.SetStringValue for a temporay variable like this : Set User-Defined.IP-User-List = Map.SetStringValue ( Map-IP-User-List, IP.String (Client.IP) , Authentication.UserName)

       

      Does anyone have an idea how to dynamically update a list, or how i can save the Authentication.Username for following https requests?