Ben Hollingsworth wrote:
I've set up Squid 2.6.STABLE6 as a reverse proxy. It terminates SSL
connections using a wildcard cert and then passes the connections to
back-end servers using either HTTP or HTTPS. All works well for
servers that don't require any authentication (or which let the web
application handle its own authentication). However, when I try to
use Apache's native authentication to restrict directory access, any
access through the proxy always fails authentication. Access directly
to the server (bypassing the proxy) authenticates just fine, so it
appears that something about my Squid setup is causing authentication
to break. This happens regardless of whether the back-end is running
HTTP or HTTPS. The squid & apache logs don't tell me anything. I've
looked over packet dumps (on the HTTP side, of course), but I don't
see the user/pwd anywhere. Any ideas what I'm doing wrong?

Squid.conf: ("docs" is the server in question)

http_port 80 vhost
https_port 443 cert=/etc/squid/server.crt key=/etc/squid/server.pem vhost
icp_port 0
cache_peer 172.26.6.159 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=cmaxx-app-peer
cache_peer 172.22.65.2 parent 80 0 no-query originserver name=docs-peer
cache_peer 172.22.66.208 parent 80 0 no-query originserver name=ocsapp-peer
cache_peer 172.22.66.206 parent 80 0 no-query originserver name=ocsinf-peer

OK, I fixed my problem. I need to add "login=PASS" to the option list
in the cache_peer lines. Otherwise, it wasn't passing login info back
to the real server.
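
An added example, not part of the original post: a small audit of the cache_peer lines in a reverse-proxy squid.conf. It reports origin-server peers with no login= option (the fix described above), peers where login=PASS relays credentials over plain HTTP, and peers with sslflags=DONT_VERIFY_PEER. The function names, finding codes and sample config (the post's lines with login=PASS added to docs-peer) are assumptions made for illustration.

```python
# Added example: audit cache_peer lines in a reverse-proxy squid.conf.
# SAMPLE_CONF is constructed from the post's config, with login=PASS
# added to docs-peer; function names and finding codes are illustrative.
SAMPLE_CONF = """\
http_port 80 vhost
https_port 443 cert=/etc/squid/server.crt key=/etc/squid/server.pem vhost
cache_peer 172.26.6.159 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=cmaxx-app-peer
cache_peer 172.22.65.2 parent 80 0 no-query originserver login=PASS name=docs-peer
cache_peer 172.22.66.208 parent 80 0 no-query originserver name=ocsapp-peer
"""


def parse_cache_peers(conf_text):
    """Return one dict per cache_peer directive: name, host, port, opts."""
    peers = []
    for line in conf_text.splitlines():
        fields = line.split()
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        opts = {}
        for token in fields[5:]:
            key, _, value = token.partition("=")
            opts[key] = value
        peers.append({"name": opts.get("name", fields[1]), "host": fields[1],
                      "port": int(fields[3]), "opts": opts})
    return peers


def audit(conf_text):
    """Return (peer, code, message) findings for origin-server peers."""
    findings = []
    for peer in parse_cache_peers(conf_text):
        name, opts = peer["name"], peer["opts"]
        if "originserver" not in opts:
            continue
        if "login" not in opts:
            findings.append((name, "no-login",
                             "no login= option; the post's fix for back-end auth was login=PASS"))
        elif opts["login"] == "PASS" and "ssl" not in opts:
            findings.append((name, "cleartext-credentials",
                             "login=PASS relays client credentials to the origin over plain HTTP"))
        if "DONT_VERIFY_PEER" in opts.get("sslflags", ""):
            findings.append((name, "peer-cert-unverified",
                             "origin certificate is not validated on the proxy-to-origin leg"))
    return findings


if __name__ == "__main__":
    for name, code, message in audit(SAMPLE_CONF):
        print(f"{name}: {code}: {message}")
```

A "no-login" finding only matters for peers that rely on the web server's own authentication; peers whose application handles its own login work without the option, as the post notes.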