Re: [squid-users] ProxyAuth credentials size limit
Yes, I think so, and I suspect that it's not a simple configuration parameter either but hard-coded. Without knowing where in the source to look for this, I searched all files for explicit, static 256 byte buffers, and I found quite a few. I'll file a bug. Thanks. Glenn -- On 12/13/2007 05:33 AM, Adrian Chadd wrote: I suggest filing a squid bugzilla bug. I'm not sure what the limits are but I bet they're compile-time at the moment. On Wed, Dec 12, 2007, Glenn Zazulia wrote: Hi, I'm using Squid 2.6.STABLE17 on Redhat Windows, configured in a chain of peers with custom auth external acl helpers that manipulate the proxyauth credentials/header. This works fine when the user:passwd string is less than 256 bytes (prior to base64-encoding), but I noticed that squid truncates anything larger than that. I didn't find any stated header size limit in the RFCs (2616, etc.), and I'm wondering if this is an arbitrary, static limit imposed by squid? If at all possible, I need to increase that limit to 1 KB, and I'm wondering if this can be done without patching the source. I didn't see anything obvious in the config file or the docs. Thanks for any assistance that you could provide. Glenn Zazulia
Re: [squid-users] ProxyAuth credentials size limit
Here's the bugzilla link to the bug: http://www.squid-cache.org/bugs/show_bug.cgi?id=2139 On 12/13/2007 10:38 AM, Glenn Zazulia wrote: Yes, I think so, and I suspect that it's not a simple configuration parameter either but hard-coded. Without knowing where in the source to look for this, I searched all files for explicit, static 256 byte buffers, and I found quite a few. I'll file a bug. Thanks. Glenn -- On 12/13/2007 05:33 AM, Adrian Chadd wrote: I suggest filing a squid bugzilla bug. I'm not sure what the limits are but I bet they're compile-time at the moment. On Wed, Dec 12, 2007, Glenn Zazulia wrote: Hi, I'm using Squid 2.6.STABLE17 on Redhat Windows, configured in a chain of peers with custom auth external acl helpers that manipulate the proxyauth credentials/header. This works fine when the user:passwd string is less than 256 bytes (prior to base64-encoding), but I noticed that squid truncates anything larger than that. I didn't find any stated header size limit in the RFCs (2616, etc.), and I'm wondering if this is an arbitrary, static limit imposed by squid? If at all possible, I need to increase that limit to 1 KB, and I'm wondering if this can be done without patching the source. I didn't see anything obvious in the config file or the docs. Thanks for any assistance that you could provide. Glenn Zazulia
[squid-users] ProxyAuth credentials size limit
Hi, I'm using Squid 2.6.STABLE17 on Redhat Windows, configured in a chain of peers with custom auth external acl helpers that manipulate the proxyauth credentials/header. This works fine when the user:passwd string is less than 256 bytes (prior to base64-encoding), but I noticed that squid truncates anything larger than that. I didn't find any stated header size limit in the RFCs (2616, etc.), and I'm wondering if this is an arbitrary, static limit imposed by squid? If at all possible, I need to increase that limit to 1 KB, and I'm wondering if this can be done without patching the source. I didn't see anything obvious in the config file or the docs. Thanks for any assistance that you could provide. Glenn Zazulia
[squid-users] Using external ACL helper w/ user= result keyword to modify cache_peer login=*:pass
Hi, I'm using Squid 2.6 on Redhat Windows, organized such that the squid child proxies each live in separate (NTLM) authentication domains and they forward all HTTP requests to a parent squid proxy using basic authentication with the cache_peer login=*:pass construct. This works well, and I am able to see in the parent log file the domain\user info for each request. What I'd like to do, though, is to modify/normalize the user name after successful authentication by the child proxy so that the parent proxy receives the user's email address instead of the less globally-unique domain\user info. I'm experimenting with an external ACL helper script that attempts to dynamically modify the user name by returning strings such as OK [EMAIL PROTECTED]. However, doing this seems to have no effect: nothing that I return for user= in the helper script appears in the parent proxy's log file. Instead, the original authenticated user name string continues to be logged. I'd greatly appreciate any pointers in this area. Thanks so much for your help. Glenn Zazulia
