Re: [squid-users] Digest Problem

From: FredB <fredbmail_at_free.fr>
Date: Thu, 15 Mar 2012 15:53:46 +0100 (CET)

>
> Hi,
>
> I'm trying ldap and digest with squid 3.2.0.16, the authentication
> seems works, but unfortunately I can only navigate just one time
>
> 1) squid start
>
> 2) Open firefox, first cnx deny -> normal
> 192.168.80.194 - - [14/Mar/2012:09:54:40 +0100] "GET
> http://www.google.fr/ HTTP/1.1" 407 1861 "-" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
>
> 3) Ident ok with user ftest
> 192.168.80.194 - ftest [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/ HTTP/1.1" 200 22083 "-" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_MISS:HIER_DIRECT
>
> 4) Refresh or get another website -> deny
> 192.168.80.194 - - [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/images/icons/product/chrome-48.png HTTP/1.1"
> 403 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U; Linux i686;
> en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/logos/2012/yoshizawa12-hp.jpg HTTP/1.1" 403
> 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U; Linux i686;
> en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/images/modules/buttons/g-button-chocobo-basic-1.gif
> HTTP/1.1" 403 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/images/modules/buttons/g-button-chocobo-basic-2.gif
> HTTP/1.1" 403 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:51 +0100] "GET
> http://www.google.fr/extern_js/f/CgJmchICZnIrMEU4ACwrMFo4ACwrMA44ACwrMBc4ACwrMDw4ACwrMFE4ACwrMFk4ACwrMAo4AJoCAmNjLCswmAE4ACwrMBY4ACwrMBk4ACwrMCs4AJoCC2pzX3JlZGlyZWN0LCswQTgALCswTTgALCswTjgALCswUzgALCswVDgALCswaTgALCswkAE4ACwrMJIBOAAsKzCXATgALCswowE4ACwrMKcBOAAsKzDVATgALCsw2AE4ACwrMB04ACwrMFw4ACwrMBg4ACwrMCY4ACyAAmiQAms/VOQ9j5h6dbo.js
> HTTP/1.1" 403 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:52 +0100] "GET
> http://www.google.fr/images/nav_logo104.png HTTP/1.1" 403 1742
> "http://www.google.fr/" "Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6 (Debian-3.0.6-3)"
> TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:52 +0100] "GET
> http://www.google.fr/favicon.ico HTTP/1.1" 403 1742 "-" "Mozilla/5.0
> (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807
> Iceweasel/3.0.6 (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:52 +0100] "GET
> http://ssl.gstatic.com/gb/js/sem_24f279c41cbdb53cb15432c98ed5fee2.js
> HTTP/1.1" 403 1742 "http://www.google.fr/" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
> 192.168.80.194 - - [14/Mar/2012:09:54:54 +0100] "GET
> http://www.google.fr/ HTTP/1.1" 403 1742 "-" "Mozilla/5.0 (X11; U;
> Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Iceweasel/3.0.6
> (Debian-3.0.6-3)" TCP_DENIED:HIER_NONE
>
> It's ok only for the first request, for example if my first page is
> www.squid-cache.org I get only the html page without css or pictures
>
> Squid.conf:
>
> auth_param digest program /usr/lib/squid/digest_ldap_auth -b
> ou=People,dc=ldap,dc=test -h 127.0.0.1:389 -A "description" -l: -e
> -u "uid"
>
> auth_param digest realm PROXY
> auth_param digest children 10
>
> Thanks
>

Same problem with 3.1.19

Squid Cache: Version 3.1.19
configure options: '--prefix=/' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/squid' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid' '--with-filedescriptors=65535' '--with-large-files' '--disable-snmp' '--with-default-user=squid' '--disable-ipv6' '--enable-linux-netfilter' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS=' '--disable-ident-lookups' '--enable-auth=digest' '--enable-digest-auth-helpers=ldap' '--enable-digest-auth-helpers=ldap,password' --with-squid=/root/squid-3.1.19 --enable-ltdl-convenience
Received on Thu Mar 15 2012 - 14:54:02 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 15 2012 - 12:00:02 MDT