Re: [squid-users] WWW-Authenticate header field

bijayant kumar wrote:
> I can give only the squid configuration details, because the webserver which is being accessed is not under our control. When we are accessing that webserver without the squid its opening fine, but from squid I am getting the error. Here is the configuration details
>
> SQUID 2.6.STABLE13 :-
>
> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> maximum_object_size 40960 KB
> cache_dir ufs /var/cache/squid 2000 16 256
> access_log /var/log/squid/access.log squid
> url_rewrite_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf
> url_rewrite_children 40
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> follow_x_forwarded_for allow localhost
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> -- some acls are defined according to network --
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname xxxxx.proxy.blr
> forwarded_for off
> coredump_dir /var/cache/squid
> ie_refresh on
>
> Rest all are default values. When web server is being accessed through squid, it prompts the username & password(webserver), and after giving the right credentials it gives me the error specified. But without the squid ie going directly to webserver all things are fine means it accepts the username and password. AFAIK, squid configuration is fine because when any webserver with htaccess authentication is being accessed by squid, it opens fine. But not this server.
>
> Bijayant Kumar
>

Hmm, transparent proxy and authentication trouble :(

Can you get a look at the challenge and error headers the web server is
producing?

Amos

>
> --- On Wed, 4/2/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] WWW-Authenticate header field
>> To: bijayant4u_at_yahoo.com
>> Cc: "squid users" <squid-users_at_squid-cache.org>
>> Date: Wednesday, 4 February, 2009, 10:15 AM
>> bijayant kumar wrote:
>>> Hello list,
>>>
>>> We have a local webserver running in our LAN and it is
>> configured to ask username and password to access. When I am
>> configuring my IE to go use squid then its giving me a error
>> like
>>> You are not authorized to view this page
>>> You do not have permission to view this directory or
>> page using the credentials that you supplied because your
>> Web browser is sending a WWW-Authenticate header field that
>> the Web server is not configured to accept.
>>> HTTP Error 401.2 - Unauthorized: Access is denied due
>> to server configuration.
>>> But when I am not using squid as a proxy ie
>> accessing directly, its opening fine.
>>> I am using SQUID 2.6.STABLE13.
>>>
>>> Is anything wrong with the squid
>> configuration/compilation or I have to change anything in
>> the webserver. Please help me.
>> People can only help with configuration problems when
>> config details are supplied.
>>
>>
>>
>> Amos
>> -- Please be using
>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
>> Current Beta Squid 3.1.0.4
>
>
> New Email addresses available on Yahoo!
> Get the Email name you&#39;ve always wanted on the new @ymail and @rocketmail.
> Hurry before someone else does!
> http://mail.promotions.yahoo.com/newdomains/aa/

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.5