Re: [squid-users] Problem building a reverse Proxy with authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 02 Dec 2002 09:27:14 +0100

Authentication in combination with httpd_accel is normally disabled as
it collides very badly with the use of Squid as a transparent proxy.

You can enable support for this by setting a hidden define. See the
source code (search for the error message received).

Regards
Henrik

tor 2002-11-14 klockan 09.57 skrev Thomas Hänig:
> Hello group,
> for security reasons we want a proxy outside a companies network be the only
> one bypassing the firewall to an internal webserver.
>
> This proxy should do a first authentication ( I tried ncsa_auth but will be
> LDAP) and after a user has been authenticated proxy his/her request to the
> real destination server.
>
> I built Squid:
> Squid Cache: Version 2.5.STABLE1-20021114
> configure options: --prefix=/usr/local/squid --enable-basic-auth-helpers=NCSA
>
> created a squid.conf:
>
> cache_effective_user squid
> http_port 80
> visible_hostname thomas.intern.cosifan.de
> httpd_accel_host www.cosifan.de
> httpd_accel_port 80
> #httpd_accel_with_proxy on
> auth_param basic program /usr/local/squid/libexec/ncsa_auth
> /usr/local/squid/etc/passwd
> auth_param basic children 5
> auth_param basic realm Squid at Toms Linux
> auth_param basic credentialsttl 2 hours
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> #acl xauth src 0.0.0.0/0.0.0.0
>
> acl xauth proxy_auth REQUIRED
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 21 80 443 563 70 210 1025-65535
>
> http_access allow xauth
> icp_access allow all
> miss_access allow all
>
> and a passwd file.
> But when trying to log on I get:
>
> aclAuthenticated: authentication not applicable on accelerated requests.
>
> in /var/log/messages
>
> Is what I want impossible with squid, or is there any possibility to force
> squid to do what I want?
>
> best regards
> mit freundlichen Grüßen
> Thomas Hänig
> CosiFan Computersysteme GmbH
Received on Mon Dec 02 2002 - 01:27:32 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:48 MST