Re: [squid-users] Web Site Authentication from Mace.Scott@dont-contact.us on 2005-08-02 (squid-users)

From: <Mace.Scott@dont-contact.us>
Date: Tue, 2 Aug 2005 14:03:18 -0400

Mace.Scott@tatravelcenters.com wrote on 08/02/2005 08:35:14 AM:

> Mace.Scott@tatravelcenters.com wrote on 08/01/2005 02:54:42 PM:
>
> > Having a problem with certain sites that require authentication.
Instead
>
> > of the window popping up with the fields to populate username and
> > password, the url goes directly to a failed authentication page. I'm

> > using Squid 2.5.STABLE3 with the x_forwarded_for,
follow_x_forwarded_for
>
> > patch. I've looked through the archives, and can't seem to find
> anything
> > relevant.
> >
> > Is it not processing the WWW-Authenticate header properly? Thanks for

> any
> >
> > assistance.
> >
> >

OK, it looks like I'm making some progress in at least identifying where
the error is.

Apparently the site is returning WWW-Authenticate: NTLM headers and squid
is not passing it on to the client.
I looked through bugzilla, and it looks like all the bugs related to NTLM
are for clients authenticating to squid, not to external web sites. What
am I missing? Are the developers monitoring this list?

I ran squid -k debug, and here is some output of that:

2005/08/02 11:04:48| init-ing hdr: 0x9971d24 owner: 2
2005/08/02 11:04:48| 0x9971d24 lookup for 37
2005/08/02 11:04:48| 0x9971d24 lookup for 9
2005/08/02 11:04:48| 0x9971d24 lookup for 21
2005/08/02 11:04:48| parsing hdr: (0x9971d24)
WWW-Authenticate: NTLM
Content-Length: 644
Content-Type: text/html

2005/08/02 11:04:48| creating entry 0x996fe18: near 'WWW-Authenticate:
NTLM'
2005/08/02 11:04:48| created entry 0x996fe18: 'WWW-Authenticate: NTLM'
2005/08/02 11:04:48| 0x9971d24 adding entry: 52 at 0
2005/08/02 11:04:48| creating entry 0x996fd28: near 'Content-Length: 644'
2005/08/02 11:04:48| created entry 0x996fd28: 'Content-Length: 644'
2005/08/02 11:04:48| 0x9971d24 adding entry: 13 at 1
2005/08/02 11:04:48| creating entry 0x996fce8: near 'Content-Type:
text/html'
2005/08/02 11:04:48| created entry 0x996fce8: 'Content-Type: text/html'
2005/08/02 11:04:48| 0x9971d24 adding entry: 17 at 2
2005/08/02 11:04:48| 0x9971d24 lookup for 37
2005/08/02 11:04:48| 0x9971d24 lookup for 9
2005/08/02 11:04:48| 0x9971d24 lookup for 21
2005/08/02 11:04:48| 0x9971d24 del-by-id 37
2005/08/02 11:04:48| deleting 'Keep-Alive' fields in hdr 0x9971d24
2005/08/02 11:04:48| 0x9971d24 lookup for 9
2005/08/02 11:04:48| 0x9971d24 lookup for 52
2005/08/02 11:04:48| destroying entry 0x996fe18: 'WWW-Authenticate: NTLM'
2005/08/02 11:04:48| created entry 0x996fe18: 'X-Cache: MISS from
proxy02.ta.com'
2005/08/02 11:04:48| 0x9971d24 adding entry: 54 at 3
2005/08/02 11:04:48| created entry 0x996fca8: 'Proxy-Connection:
keep-alive'
2005/08/02 11:04:48| 0x9971d24 adding entry: 37 at 4
2005/08/02 11:04:48| aclCheckFast: list: (nil)
2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| aclCheckFast: list: (nil)
2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| aclCheckFast: list: (nil)
2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| aclCheckFast: list: (nil)
2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| cbdataLock: 0x96995d8
2005/08/02 11:04:48| cbdataLock: 0x996c010
2005/08/02 11:04:48| aclCheckFast: list: 0x96995d8
2005/08/02 11:04:48| aclMatchAclList: checking all
2005/08/02 11:04:48| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2005/08/02 11:04:48| aclMatchIp: '127.0.0.1' found
2005/08/02 11:04:48| aclMatchAclList: returning 1
2005/08/02 11:04:48| httpReplyBodyBuildSize: Setting maxBodySize to 0
2005/08/02 11:04:48| cbdataUnlock: 0x996c010
2005/08/02 11:04:48| cbdataUnlock: 0x96995d8
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| clientSendMoreData: Appending 644 bytes after 100
bytes of headers
2005/08/02 11:04:48| cbdataLock: 0x969b940
2005/08/02 11:04:48| cbdataLock: 0x996c010
2005/08/02 11:04:48| aclCheckFast: list: 0x969b940
2005/08/02 11:04:48| aclMatchAclList: checking all
2005/08/02 11:04:48| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2005/08/02 11:04:48| aclMatchIp: '127.0.0.1' found
2005/08/02 11:04:48| aclMatchAclList: returning 1
2005/08/02 11:04:48| cbdataUnlock: 0x996c010
2005/08/02 11:04:48| cbdataUnlock: 0x969b940
2005/08/02 11:04:48| cbdataFree: 0x996d6c0
2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0
2005/08/02 11:04:48| The reply for GET
http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm
is ALLOWED, because it matched 'all'
2005/08/02 11:04:48| packing sline 0x9971d14 using 0xbfff7a20:
2005/08/02 11:04:48| HTTP/1.0 401 Unauthorized
2005/08/02 11:04:48| packing hdr: (0x9971d24)
2005/08/02 11:04:48| destroying rep: 0x9971ce8
2005/08/02 11:04:48| cleaning hdr: 0x9971d24 owner: 2
2005/08/02 11:04:48| destroying entry 0x996fd28: 'Content-Length: 644'
2005/08/02 11:04:48| destroying entry 0x996fce8: 'Content-Type: text/html'
2005/08/02 11:04:48| destroying entry 0x996fe18: 'X-Cache: MISS from
proxy02.ta.com'
2005/08/02 11:04:48| destroying entry 0x996fca8: 'Proxy-Connection:
keep-alive'
2005/08/02 11:04:48| comm_write: FD 10: sz 784: hndl 0xd6ce4b: data
0x996d3d0.
2005/08/02 11:04:48| cbdataLock: 0x996d3d0
2005/08/02 11:04:48| commSetSelect: FD 10 type 2
2005/08/02 11:04:48| cbdataUnlock: 0x996dc38
2005/08/02 11:04:48| storeSwapOut:
http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm
2005/08/02 11:04:48| storeSwapOut: store_status = STORE_PENDING
2005/08/02 11:04:48| storeSwapOut: mem->inmem_lo = 0
2005/08/02 11:04:48| storeSwapOut: mem->inmem_hi = 744
2005/08/02 11:04:48| storeSwapOut: swapout.queue_offset = 0
2005/08/02 11:04:48| storeSwapOut: lowest_offset = 0
2005/08/02 11:04:48| httpPconnTransferDone: FD 13
2005/08/02 11:04:48| httpPconnTransferDone: content_length=644
2005/08/02 11:04:48| commSetTimeout: FD 13 timeout -1
2005/08/02 11:04:48| commSetSelect: FD 13 type 1
2005/08/02 11:04:48| comm_remove_close_handler: FD 13, handler=0xd8fd6c,
data=0x996f240
2005/08/02 11:04:48| cbdataUnlock: 0x996f240
2005/08/02 11:04:48| fwdUnregister:
http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm
Received on Tue Aug 02 2005 - 12:18:40 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT