[squid-users] Which versions of squid Support ident ?

Alex Rousskov rousskov at measurement-factory.com
Mon Sep 15 14:54:19 UTC 2025

Previous message (by thread): [squid-users] Which versions of squid Support ident ?
Next message (by thread): [squid-users] Squid Error SQUID_TLS_ERR_ACCEPT -- Transparent proxy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2025-09-15 10:09, Ohms, Jannis wrote:

> Ist the ident protocoll still supported by squid?

YMMV, but Squid have not supported Ident properly for many years (if 
ever). Buggy Ident code was removed in Squid v7. I have quoted a 
variation of the corresponding release note below.


HTH,

Alex.


> Removed Ident protocol support
> 
> Ident protocol (RFC 931 obsoleted by RFC 1413) has been considered
> seriously insecure and broken since at least 2009 when SANS issued an update
> recommending its removal from all networks. Squid Ident implementation had its
> own set of problems (that could not be addressed without significant code
> refactoring).
> 
> Configurations using ident/ident_regex ACLs, %ui logformat codes, %IDENT
> external_acl_type format code, or ident_lookup_access/ident_timeout directives
> are now rejected, leading to fatal startup failures.
> 
> To avoid inconveniencing admins that do _not_ use Ident features,
> access logs with "common" and "combined" logformats now always receive a dash
> in the position of what used to be a %ui record field.
> 
> If necessary, an external ACL helper can be written to perform Ident transactions
> and deliver the user identity to Squid through the **user=** annotation.

Previous message (by thread): [squid-users] Which versions of squid Support ident ?
Next message (by thread): [squid-users] Squid Error SQUID_TLS_ERR_ACCEPT -- Transparent proxy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list