Project

General

Profile

Tâche #13666

Scénario #13507: Permettre le filtrage par IP à travers le proxy cNTLM

Autoriser e2guardian à lire les headers xforwarded for de cNTLM

Added by Emmanuel GARETTE over 5 years ago. Updated over 5 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
10/19/2015
Due date:
% Done:

100%

Estimated time:
2.00 h
Spent time:
Remaining (hours):
0.0

Description

e2guardian devrait traiter les entêtes X-Forwarded-For avec la directive : xforwardedforfilterip.

Associated revisions

Revision 43d7d312 (diff)
Added by Emmanuel GARETTE over 5 years ago

utilisation de l'entête x-forwarded-for de cntlm (ref #13666 @2h)

Revision 03298422 (diff)
Added by Emmanuel GARETTE over 5 years ago

ne pas activer le x-forwarded-for si cntlm n'est pas activé (ref #13666)

History

#1 Updated by Scrum Master over 5 years ago

  • Status changed from Nouveau to En cours

#2 Updated by Scrum Master over 5 years ago

  • Assigned To set to Emmanuel GARETTE

#3 Updated by Emmanuel GARETTE over 5 years ago

  • Remaining (hours) changed from 2.0 to 0.25

Testé sur un AmonEcole (ip du proxy : 10.3.2.2) avec un client xubuntu (ip : 10.3.2.50).

Sur le client je fais :

# http_proxy="http://10.3.2.2:3128" wget --header="X-Forwarded-For:127.0.5.1" google.fr --proxy-user="admin" --proxy-password=eole -O /dev/null

Dans les logs squid on a bien l'IP source et non "127.0.5.1" (peu importe le problème d'authentification).

2015-12-01T16:03:03.139055+01:00 internet squid3: 1448982183.139      5 10.3.2.50 TCP_DENIED/407 3996 GET http://www.google.fr/ - HIER_NONE/- text/html

Si je passe par cNTLM :

# http_proxy="http://10.3.2.2:3127" wget --header="X-Forwarded-For:127.0.5.1" google.fr --proxy-user="admin" --proxy-password=eole -O /dev/null

On a l'a bonne IP source dans les logs (et non 10.3.2.2 ni 127.0.5.1) :

2015-12-01T15:44:31.205462+01:00 internet squid3: 1448981071.205     82 10.3.2.50 TCP_MISS/200 19460 GET http://www.google.fr/webhp?complete=0 dompedago\\admin HIER_DIRECT/64.233.167.94 text/html

#4 Updated by Emmanuel GARETTE over 5 years ago

  • % Done changed from 0 to 100

#5 Updated by Scrum Master over 5 years ago

  • Status changed from En cours to Résolu

#6 Updated by Fabrice Barconnière over 5 years ago

  • Remaining (hours) changed from 0.25 to 0.0

ça semble OK.

#7 Updated by Scrum Master over 5 years ago

  • Status changed from Résolu to Fermé

Also available in: Atom PDF