如何让 Squid 反向代理通过身份验证发送 remote_user 标头

Question

我已经成功完成这项工作。

通过添加 login=*:NOPASSWORD，我现在获得了一个 PHP_AUTH_USER 变量。完整的 squid.conf 如下所示：

http_port 3128 accel defaultsite=####
cache_peer #### parent 80 0 no-query login=*:NOPASSWORD         originserver
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on

acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_access deny all

$_SERVER 的转储如下所示：

Array
(
    [USER] => ####
    [HOME] => /var/www
    [FCGI_ROLE] => RESPONDER
    [SCRIPT_FILENAME] => ####
    [QUERY_STRING] => 
    [REQUEST_METHOD] => GET
    [CONTENT_TYPE] => 
    [CONTENT_LENGTH] => 
    [SCRIPT_NAME] => /index.php
    [REQUEST_URI] => /
    [DOCUMENT_URI] => /index.php
    [DOCUMENT_ROOT] => ####
    [SERVER_PROTOCOL] => HTTP/1.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_SOFTWARE] => nginx/1.0.15
    [REMOTE_ADDR] => 10.55.56.53
    [REMOTE_PORT] => 49734
    [SERVER_ADDR] => 10.55.151.53
    [SERVER_PORT] => 80
    [SERVER_NAME] => ####
    [REDIRECT_STATUS] => 200
    [HTTP_HOST] => ####
    [HTTP_CONNECTION] => keep-alive
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*    /*;q=0.8
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like     Gecko) Chrome/32.0.1700.107 Safari/537.36
    [HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
    [HTTP_ACCEPT_LANGUAGE] => en-GB,en;q=0.8,en-US;q=0.6,it;q=0.4
    _pk_id.1.6d65=a3acbf13e64ec9b2.1412689051.1.1412690332.1412689051.;_pk_ses.1.6d65=*
    [HTTP_IF_NONE_MATCH] => "1412690326"
    [HTTP_IF_MODIFIED_SINCE] => Tue, 07 Oct 2014 13:58:46 +0000
    [PHP_SELF] => /index.php
    [PHP_AUTH_USER] => DOMAIN\USERNAME
    [PHP_AUTH_PW] => NOPASSWORD
    [REQUEST_TIME] => 1412690470
)

Answer 1

我已经成功完成这项工作。

通过添加 login=*:NOPASSWORD，我现在获得了一个 PHP_AUTH_USER 变量。完整的 squid.conf 如下所示：

http_port 3128 accel defaultsite=####
cache_peer #### parent 80 0 no-query login=*:NOPASSWORD         originserver
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on

acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_access deny all

$_SERVER 的转储如下所示：

Array
(
    [USER] => ####
    [HOME] => /var/www
    [FCGI_ROLE] => RESPONDER
    [SCRIPT_FILENAME] => ####
    [QUERY_STRING] => 
    [REQUEST_METHOD] => GET
    [CONTENT_TYPE] => 
    [CONTENT_LENGTH] => 
    [SCRIPT_NAME] => /index.php
    [REQUEST_URI] => /
    [DOCUMENT_URI] => /index.php
    [DOCUMENT_ROOT] => ####
    [SERVER_PROTOCOL] => HTTP/1.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_SOFTWARE] => nginx/1.0.15
    [REMOTE_ADDR] => 10.55.56.53
    [REMOTE_PORT] => 49734
    [SERVER_ADDR] => 10.55.151.53
    [SERVER_PORT] => 80
    [SERVER_NAME] => ####
    [REDIRECT_STATUS] => 200
    [HTTP_HOST] => ####
    [HTTP_CONNECTION] => keep-alive
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*    /*;q=0.8
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like     Gecko) Chrome/32.0.1700.107 Safari/537.36
    [HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
    [HTTP_ACCEPT_LANGUAGE] => en-GB,en;q=0.8,en-US;q=0.6,it;q=0.4
    _pk_id.1.6d65=a3acbf13e64ec9b2.1412689051.1.1412690332.1412689051.;_pk_ses.1.6d65=*
    [HTTP_IF_NONE_MATCH] => "1412690326"
    [HTTP_IF_MODIFIED_SINCE] => Tue, 07 Oct 2014 13:58:46 +0000
    [PHP_SELF] => /index.php
    [PHP_AUTH_USER] => DOMAIN\USERNAME
    [PHP_AUTH_PW] => NOPASSWORD
    [REQUEST_TIME] => 1412690470
)

如何让 Squid 反向代理通过身份验证发送 remote_user 标头

答案1

相关内容