Re: [squid-users] Forwarding Apache .htaccess authentication

From: Kaya Saman <SamanKaya_at_netscape.net>
Date: Wed, 14 Oct 2009 22:51:11 +0300

Chris Robertson wrote:
> Kaya Saman wrote:
>> Hi,
>>
>> this is my first post although been running Squid for a little while
>> am still very new to it as I'm just transitioning between being an
>> ex-student to a junior professional with UNIX stuff :-)
>>
>> Basically here's the issue:
>>
>> I would like to access some services in my network protected by
>> .htaccess uname/passwd authentication, however when I enter the
>> uname/passwd combo I get kicked out and the enter uname/passwd dialog
>> box comes up again.... I have come to believe that this is a Squid
>> issue as Apache works fine internally on my intranet with this
>> authentication method/procedure.
>>
>> No logs in Apache claim that there has been an error so I'm reckoning
>> that Squid cannot forward the http authentication headers somehow.
>>
>> I have been instructed on the Apache users mailing list to check up
>> auth basic realm only I couldn't find and understand exactly what I
>> need to do as in Squid config file there is something which says:
>> #auth_param basic realm Squid proxy-caching web server
>>
>> I have enabled this option and restarted Squid only to have no
>> effect!!!
>>
>> Squid is being used as a reverse proxy so I am really stuck on what
>> to do....
>
> From http://www.squid-cache.org/Versions/v2/2.6/cfgman/cache_peer.html...
>
> use 'login=PASS' if users must authenticate against the upstream proxy
> or in the case of a reverse proxy configuration, the origin web
> server. This will pass the users credentials as they are to the peer.
> Note: To combine this with local authentication the Basic
> authentication scheme must be used, and both servers must share the
> same user database as HTTP only allows for a single login (one for
> proxy, one for origin server). Also be warned this will expose your
> users proxy password to the peer. USE WITH CAUTION
>
>
>>
>> Someone on the Apache mailing list gave me a plugin for firefox to
>> detect http headers and save them of which the relevant output is
>> this:
>>
>> [code] ----------------------------------------------------------
>> http://zeta-ray.optiplex-networks.com/munin/
>>
>> GET /munin/ HTTP/1.1
>> Host: zeta-ray.optiplex-networks.com
>> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Authorization: Basic YWRtaW46U2NscjExWFA5OQ==
>
> And change that password everywhere it's used. :o) Basic
> authentication just encodes the credentials using Base64, which is
> reversible.
>
>>
>> HTTP/1.x 401 Unauthorized
>> Date: Wed, 14 Oct 2009 09:57:23 GMT
>> Server: Apache/2.2.3 (Red Hat)
>> WWW-Authenticate: Basic realm="Restricted Files"
>> Content-Length: 497
>> Content-Type: text/html; charset=iso-8859-1
>> X-Cache: MISS from NetraT1-Proxy
>> Via: 1.0 NetraT1-Proxy:80 (squid/2.6.STABLE15)
>> Connection: close
>> ---------------------------------------------------------- [/code]
>>
>> It seems like Squid isn't parsing anything to the Apache server
>> behind it!
>>
>> Can anyone help me on what's going on???
>>
>> Many thanks!
>
> Chris
>
Received on Wed Oct 14 2009 - 19:51:34 MDT
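
Added example (not part of the original thread): the point made in the reply above, that Basic credentials are only Base64-encoded, applied to header dumps before they are pasted into a public list. The function names, the host `intranet.example` and the `alice` credential are constructed for illustration.

```python
import base64
import binascii
import re

# Matches Authorization / Proxy-Authorization followed by a scheme and ONE token.
# That covers Basic and Bearer; multi-parameter schemes such as Digest need more care.
# Works on dumps flattened onto a single line, as mail clients often leave them.
AUTH_RE = re.compile(r"\b((?:Proxy-)?Authorization):[ \t]*(\S+)[ \t]+(\S+)",
                     re.IGNORECASE)


def basic_is_recoverable(token):
    """True if the token decodes to 'user:password', i.e. it hides nothing."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    return ":" in decoded


def redact(dump):
    """Return (sanitized_text, findings).

    findings is a list of (header, scheme, recoverable) tuples, one per
    credential header found; recoverable is True for decodable Basic tokens.
    """
    findings = []

    def _mask(match):
        header, scheme, token = match.group(1), match.group(2), match.group(3)
        recoverable = scheme.lower() == "basic" and basic_is_recoverable(token)
        findings.append((header, scheme, recoverable))
        return f"{header}: {scheme} [REDACTED]"

    return AUTH_RE.sub(_mask, dump), findings


# Constructed sample: a flattened request/response pair with a made-up credential.
SAMPLE_TOKEN = base64.b64encode(b"alice:example-only").decode("ascii")
SAMPLE_DUMP = (
    "GET /munin/ HTTP/1.1 Host: intranet.example Connection: keep-alive "
    "Authorization: Basic " + SAMPLE_TOKEN + "\n"
    'HTTP/1.x 401 Unauthorized WWW-Authenticate: Basic realm="Restricted Files"'
)

if __name__ == "__main__":
    clean, found = redact(SAMPLE_DUMP)
    print(clean)
    for header, scheme, recoverable in found:
        print(f"{header} ({scheme}): recoverable from Base64 = {recoverable}")
```

A finding with `recoverable` set to True means the password was readable by anyone who saw the unredacted dump and should be rotated.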
