Re: [squid-users] Auth through HTTPS reverse proxy

From: Ben Hollingsworth <ben.hollingsworth@dont-contact.us>
Date: Tue, 04 Mar 2008 14:01:43 -0600

Ben Hollingsworth wrote:
> I've set up Squid 2.6.STABLE6 as a reverse proxy. It terminates SSL
> connections using a wildcard cert and then passes the connections to
> back-end servers using either HTTP or HTTPS. All works well for
> servers that don't require any authentication (or which let the web
> application handle its own authentication). However, when I try to
> use Apache's native authentication to restrict directory access, any
> access through the proxy always fails authentication. Access directly
> to the server (bypassing the proxy) authenticates just fine, so it
> appears that something about my Squid setup is causing authentication
> to break. This happens regardless of whether the back-end is running
> HTTP or HTTPS. The squid & apache logs don't tell me anything. I've
> looked over packet dumps (on the HTTP side, of course), but I don't
> see the user/pwd anywhere. Any ideas what I'm doing wrong?
>
> Squid.conf: ("docs" is the server in question)
>
> http_port 80 vhost
> https_port 443 cert=/etc/squid/server.crt key=/etc/squid/server.pem vhost
> icp_port 0
> cache_peer 172.26.6.159 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=cmaxx-app-peer
> cache_peer 172.22.65.2 parent 80 0 no-query originserver name=docs-peer
> cache_peer 172.22.66.208 parent 80 0 no-query originserver name=ocsapp-peer
> cache_peer 172.22.66.206 parent 80 0 no-query originserver name=ocsinf-peer

OK, I fixed my problem. I need to add "login=PASS" to the option list
in the cache_peer lines. Otherwise, it wasn't passing login info back
to the real server.

Received on Tue Mar 04 2008 - 13:00:47 MST
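
Added example (not part of the original post, and not Squid's own code): a small Python audit of cache_peer lines that reports which originserver peers carry no login= option, which forward credentials with login=PASS over a non-ssl hop, and which disable certificate verification. The sample config is constructed from the lines in the post with login=PASS applied to docs-peer only; the function names and the finding wording are assumptions of this example.

```python
# Constructed sample: cache_peer lines from the post (wrapped lines joined),
# with login=PASS added to docs-peer only, as the fix describes.
SAMPLE_CONF = """\
http_port 80 vhost
cache_peer 172.26.6.159 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=cmaxx-app-peer
cache_peer 172.22.65.2 parent 80 0 no-query originserver login=PASS name=docs-peer
cache_peer 172.22.66.208 parent 80 0 no-query originserver name=ocsapp-peer
"""

def parse_cache_peers(conf_text):
    """Yield one dict per cache_peer line: host, port, bare flags, key=value options."""
    for raw in conf_text.splitlines():
        fields = raw.split()
        # Comment lines, blank lines and other directives are skipped here.
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        host, _type, port, _icp_port = fields[1:5]
        flags, opts = set(), {}
        for tok in fields[5:]:
            key, sep, val = tok.partition("=")
            if sep:
                opts[key] = val      # e.g. login=PASS, name=docs-peer
            else:
                flags.add(key)       # e.g. originserver, ssl, no-query
        yield {"host": host, "port": int(port), "flags": flags, "opts": opts}

def audit_peers(conf_text):
    """Return (peer name, finding) tuples for originserver peers."""
    findings = []
    for peer in parse_cache_peers(conf_text):
        if "originserver" not in peer["flags"]:
            continue
        name = peer["opts"].get("name", peer["host"])
        login = peer["opts"].get("login")
        if login is None:
            findings.append((name, "no login= option: client login info is not passed to the origin"))
        elif login == "PASS" and "ssl" not in peer["flags"]:
            findings.append((name, "login=PASS without ssl: Authorization header crosses the proxy-to-origin hop over plain HTTP"))
        if "DONT_VERIFY_PEER" in peer["opts"].get("sslflags", "").split(","):
            findings.append((name, "sslflags=DONT_VERIFY_PEER: origin certificate is not verified"))
    return findings

if __name__ == "__main__":
    for peer_name, finding in audit_peers(SAMPLE_CONF):
        print(f"{peer_name}: {finding}")
```

A missing login= option is only a problem for peers whose origin enforces its own HTTP authentication, so treat that finding as a prompt to check rather than a defect.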
