Re: [squid-users] Configuring squid with custom authentication helper in accelerator mode (reverse proxy)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 02 Dec 2010 20:34:47 +1300

On 02/12/10 00:31, Soumadri Roy Chowdhury wrote:
> I need to configure Squid as a reverse proxy with a custom
> authentication helper for each incoming request. Every request to
> Squid is assumed to be with basic authentication. Any connection which

Don't assume. Be sure.
By only configuring squid with "auth_param basic" other auth types will
be identified as unusable.

> fails the authentication, should be terminated. I am a newbie in
> Squid. Following is the configuration script I have used. This sample
> is to access "mindofaprogrammer.blog.com",
>
> #Squid Configs
> acl all src all
> acl manager proto cache_object
>
> http_port 80 accel defaultsite=mindofaprogrammer.blog.com
> cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel
>
> acl myblog dstdomain mindofaprogrammer.blog.com
> http_access allow myblog
> cache_peer_access myAccel allow myblog
> cache_peer_access myAccel deny all
>
>
> auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"

I suggest you don't use PHP. I spent a long while trying to and had to
abandon it due to constant changes in the timeouts of scripts. The global
and local overrides provided failed differently in every PHP version to
date.
The result is that helpers die and periodically they *all* die and take
Squid out too.

When the devs drop this automatic script lifetime stupidity for
command-line PHP the language will likely be usable again.

There are bundled DB and file helpers that should be usable for most
custom auth systems.

> auth_param basic children 2
> auth_param basic realm eReader
> auth_param basic credentialsttl 5 hours
>
> acl AuthUsers proxy_auth REQUIRED
> http_access allow AuthUsers
>
> access_log c:/squid/var/logs/access.log squid
> coredump_dir c:/squid/var/cache
> #End Configs
>
> I have written the custom authentication helper in a PHP script. The
> listing of the same is as follows,
>
> <?php
> $f = fopen("php://stdin", "r");
> while ($line = fgets($f)) {
> $line = trim($line);
> $fields = explode(' ', $line);
> $username = rawurldecode($fields[0]); //1738
> $password = rawurldecode($fields[1]); //1738
> if ($username == 'hello'
> and $password == 'world') {
> fwrite(STDOUT, "OK\n");
> } else if ($username == 'fo'
> and $password == 'bar') {
> fwrite(STDOUT, "OK\n");
> } else {
> // failed miserably
> fwrite(STDOUT, "ERR\n");
> }
> }
> ?>
>
>
> The problem I am facing is, even after configuring this, only the
> reverse proxy settings are working not the authentication. Am I doing
> something wrong here?

Sounds like it. Try writing some debug information to STDERR and seeing
what shows up in your cache.log.

NP: since you have your own helper you could/should make it concurrent
and help Squid run a bit faster with it.

i.e. I used to do that with:

$stdin = fopen("php://stdin", "r"); // helper requests arrive on stdin
while($line = fgets($stdin, 8192))
{
         $line = trim($line);
         if("\$shutdown" == $line) break;

         $part = explode(" ",$line);
         $id = $part[0]; // ID number
         $username = rawurldecode($part[1]); // RFC 1738 decoding
         $password = rawurldecode($part[2]); // RFC 1738 decoding
...
         echo $id ." OK\n";
}

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Thu Dec 02 2010 - 07:34:51 MST
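
Added example, not part of the original message and not Squid's own code: a concurrent basic-auth helper in Python that follows the line protocol shown in the reply above (channel ID, then URL-encoded user name and password) and writes debug output to stderr so it shows up in cache.log. The credential table, function names and log format are assumptions made for illustration, and it assumes concurrency is enabled for the helper in squid.conf.

```python
#!/usr/bin/env python3
"""Concurrent Squid basic-auth helper (added example, constructed credentials)."""
import hmac
import sys
from urllib.parse import unquote

# Constructed demo credentials; a real helper would query its own user store.
USERS = {"hello": "world", "alice smith": "p@ss word"}


def check(username, password):
    """Constant-time password comparison; unknown users take the same path."""
    expected = USERS.get(username, "")
    match = hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))
    return username in USERS and match


def handle_line(line, log=sys.stderr):
    """Map one request '<id> <user> <pass>' to the reply '<id> OK' or '<id> ERR'."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[0].isdigit():
        # Fail closed on anything unexpected, e.g. a request without a channel
        # ID because concurrency is not enabled on the Squid side.
        print(f"authhelper: malformed request ({len(parts)} fields)", file=log)
        return f"{parts[0]} ERR" if parts[0].isdigit() else "ERR"
    channel = parts[0]
    # Squid URL-encodes both fields, so spaces inside them arrive as %20.
    username, password = unquote(parts[1]), unquote(parts[2])
    ok = check(username, password)
    # Log the decision, never the password; repr() keeps control characters
    # in the user name from forging extra log lines.
    print(f"authhelper: channel={channel} user={username!r} ok={ok}", file=log)
    return f"{channel} {'OK' if ok else 'ERR'}"


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply; do not leave it buffered


if __name__ == "__main__":
    main()
```
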
