Search squid archive

Re: Squid 3.0 vs. 2.6 Releases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>> I have problems with users connecting to websites on IIS servers not
>>>> able to authenticate with user name and password.  Some other user
>>>> complains they cannot upload .NET.  Will the chunked-encoding issue
>>>> cause this?

>>> On the authentication issue I tried changing log level to 9 for a
>>> short time but it did not tell me much.  Saw the POST when the
>>> username and password was submitted but not much else.  Its a IIS/6
>>> server with ASP.NET version 2.  Looks to be using javascript to log
>>> in.
>>>
>>> Any ideas what I can change on Squid to make it work?  Its does this
>>> both in transparent and non-transparent modes.  I was hoping maybe
>>> Squid v3 had some improvements that would make it work.
>>>
>>
>> Interception 'transparent' mode ports do not even attempt to perform
>> authentication.
>
> To clarify, interception/transparent proxy ports don't allow proxy
> authentication.  It should work just fine for authenticating to a web
> server, be it via HTTP auth or a login form.
>
>>  Though with most javascript methods HTTP authentication is
>> not involved anyway.
>>
>
> Given it's a form that's being POSTed, this doesn't sound like HTTP auth in
> any case.
>
>> Making sure the interception and direct-proxy listening ports are
>> different should fix it for most users. If the code itself is failing on a
>> side-band authentication there is nothing you can do to fix it in squid.
>> Only the sites webmaster can fix those.
>>
>
> Unless Squid is configured to block some important header, or forced to
> cache pages that are marked private, or...
>
> A look at your squid.conf (without comments) might give the list members a
> better opportunity to help.

My squid.conf is below.  I am only trying to proxy and cache http and
my cache is only really secured by the source IP address.  Any ideas
would be appreciated.

Squid2.6stable20 was built like so.

./configure --enable-linux-netfilter --enable-storeio=ufs,aufs

Matt

http_port 8086 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
maximum_object_size 65536 KB
cache_dir aufs /usr/local/squid/var/cache 96000 16 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:144020%10080
refresh_pattern ^gopher:14400%1440
refresh_pattern .020%4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src x.x.x.0/24 x.x.x.0/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
tcp_outgoing_address x.x.10.2 all
cache_mgr support@xxxx
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.xxxx

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux