[squid-users] squid - IE - ftp - WWW-authenticate question

From: Vinod Patel <vinod@dont-contact.us>
Date: Mon, 16 May 2005 18:43:54 +0530

Hi all,
    I am using squid-2.5-STABLE2. I want my users to use squid for ftp
requests and so, the browser is configured accordingly, to use squid for ftp
requests.

    Now, a user requests ftp://hostname/ through his browser. Since the
username and password are not mentioned in the url, squid tries to connect
to the remote-server using "anonymous" login and password. Now, if the remote
server does not support "anonymous" login, it will reply with FTP code >
500. Example (in my case): "530 Can't set guest privileges". On seeing this,
squid returns HTTP_FORBIDDEN (403) to the browser and the browser gets dumb.

    BUT, I want the browser to ask for username and password when anonymous
login fails. For this, I modified squid to return HTTP_UNAUTHORIZED (401) and
send a "WWW-Authenticate" response-header, specifying the type of
authentication and the realm.
    On seeing "HTTP/1.0 401 Unauthorised", the browser should immediately
look up the "WWW-Authenticate" response-header, and POPUP a beautiful
dialogue-box, asking us for username and password.

    This works fine for mozilla, netscape and firefox browsers. But
Internet-Explorer does not. Instead of popping up for username-password, it
sits dumb. I tried googling on this, but all in vain. Finally, I found a
site, which said that IE does not POPUP for 401 and "WWW-Authenticate".

    Most of my users use IE for browsing, so anyhow I needed it to popup. I
got an ugly workaround for this. Instead of sending 401 (Unauthorised), I
sent 407 (Proxy Authentication Required) as response code. And used
"Proxy-Authenticate" response-header as authentication-identifier. That
worked for all browsers. Now all browsers ask for username-password whenever
anonymous login fails. This could easily fool IE, but mozilla, netscape and
firefox were too smart. On seeing 407 response code, they thought it was
proxy that needed authentication, and so while asking for username-password,
they say "Enter username and password for proxy at IPADDRESS". That fools
the users!!!

    Now questions for all you experts:
        1) Why does squid send HTTP_FORBIDDEN in case of any FTP error
codes (>500)? Can it be more specific?
        2) If we leave IE, is "401 WWW-authenticate" a valid method of
asking user for authentication?
        3) Is "407 proxy-authenticate" a better workaround for getting
authentication information for original server?
        4) Is there some other way to achieve this (popup for
username-password in IE)?
        5) Has anybody worked before on this kind of problem?

I have attached the diff of the changes that I have made in squid.

Thanks and regards,
Vinod Patel

Received on Mon May 16 2005 - 07:16:26 MDT
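
Added example, not part of the original post and not Squid code: a C sketch of the 401/407 distinction the message turns on, and of how a Basic credential from the browser would become FTP USER/PASS arguments at a gateway. All function names are hypothetical, and the sample header values used to exercise it are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration; function names are hypothetical, not Squid's API. */

/* FTP login reply -> HTTP error status (0 = no error to send). 530 challenges
 * for origin credentials; any other code above 500 stays 403, as the post describes. */
int ftp_login_to_http_status(int ftp_code)
{
    if (ftp_code == 530) return 401;
    return ftp_code > 500 ? 403 : 0;
}

/* 401 pairs with WWW-Authenticate (origin), 407 with Proxy-Authenticate (proxy hop). */
int build_challenge(int status, const char *realm, char *out, size_t n)
{
    const char *name = status == 401 ? "WWW-Authenticate"
                     : status == 407 ? "Proxy-Authenticate" : NULL;
    if (!name || strpbrk(realm, "\"\r\n")) return -1;   /* no header injection */
    int w = snprintf(out, n, "%s: Basic realm=\"%s\"", name, realm);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

static int b64val(int c)
{
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(t, c) : NULL;
    return p ? (int)(p - t) : -1;
}

/* Decode "Basic <base64(user:pass)>" into FTP USER/PASS arguments (n bytes each).
 * Exact-case scheme match only; a full parser would compare case-insensitively. */
int basic_to_ftp_login(const char *hdr, char *user, char *pass, size_t n)
{
    char buf[256]; size_t len = 0; unsigned acc = 0; int bits = 0;
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    for (const char *p = hdr + 6; *p && *p != '='; p++) {
        int v = b64val((unsigned char)*p);
        if (v < 0 || len + 1 >= sizeof buf) return -1;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; buf[len++] = (char)((acc >> bits) & 0xFF); }
    }
    buf[len] = '\0';
    char *colon = strchr(buf, ':');
    /* CR/LF in either field would put extra lines on the FTP control channel. */
    if (!colon || strpbrk(buf, "\r\n")) return -1;
    *colon = '\0';
    if (strlen(buf) >= n || strlen(colon + 1) >= n) return -1;
    strcpy(user, buf); strcpy(pass, colon + 1);
    return 0;
}
```

With a 401 the browser answers in `Authorization`, scoped to the origin it asked for; with a 407 it answers in `Proxy-Authorization`, which it treats as belonging to the proxy itself, which is why the prompt in the post names the proxy's address.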
