-1

We are using squid proxy along with the GreasySpoon ICAP server to modify responses for development purposes. We have a need to allow different developers to have different modifications to the responses because they are working on things relevant to different modifications. Initially, when we installed this setup insider our LAN, we were able to accommodate this by using the user_id script parameter inside the GreasySpoon response scripts. This parameter is populated with the local IP of the developer, and so we could base things upon the different IPs.

When we moved the setup to the cloud, everyone had our shared WAN IP for the user_id parameter, and so our scheme broke.

The comments in the default GreasySpoon script indicate that the user_id can be a user login:

// user_id        :  (String)user id (login or user ip address)

I configured authentication with the squid server, but the user_id is still set to our shared WAN IP. Is it possible to populate this script parameter in GreasySpoon with a proxy user's username using squid?

Carl G
  • 14,291
  • 12
  • 78
  • 103

1 Answers1

-1

The GreasySpoon (1.0.10) configuration file service.properties contains a setting: SpoonScript.icapuserheader=x-authenticated-user. This is the header that GreasySpoon inspects to find the user_id. If this value is not found, then GreasySpoon falls back to the IP address. So you must configure squid to send the authenticated user's username in the same header as is configured in the properties file.

// in squid.conf:
icap_client_username_header x-authenticated-user
Carl G
  • 14,291
  • 12
  • 78
  • 103