Search squid archive

Re: Authentication problem/oddity/ignorance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Rob Asher wrote:
I have an external site that requires authentication that's not working through my proxies.

Proxies. Plural. How are you spreading the traffic among the proxies. A number of authentication requiring websites associate login credentials with a source IP. Using a round robin load balancer (without source NATing the outgoing requests from the multiple proxies) can cause issues with such sites. As well, using authentication on a intercepting (also called a transparent) proxy can cause issues such as this.

The squid versions vary from 2.6.STABLE6 to 2.6.STABLE13 with the same results.  With IE7, all that's returned is "cannot display the webpage" even with "show friendly http error messages" turned off.  With FF2, the login box keeps popping up until you cancel.  Here's the oddity though, I have one XP machine that is able to authenticate through the proxy without any problems with both IE7 and FF2.   Same user, same proxy, same passwords just different machines.  If I bypass the proxy, everything works fine on all machines.  I read something in the archives about configuring the browser to keep authentication details longer.  Could that be the difference?  If so, I have no idea how to change that??  Below are the two relevant portions from access.log.  I have the live http header add-on for FF also but I'm ignorant on reading and using it effectively.  Any help or ideas are appreciated!

Does NOT connect:
[root@phs-proxy squid]# tail -f access.log | grep www.k12.ar.us 1211985315.277 53 170.211.xxx.30 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher DIRECT/165.29.214.2 text/html
1211985326.697     25 170.211.xxx.30 TCP_MISS/401 2272 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher DIRECT/165.29.214.2 text/html
1211985326.760     42 170.211.xxx.30 TCP_MISS/401 2028 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher DIRECT/165.29.214.2 text/html

TCP_MISS/401 indicates the website returned a "Not Authorized" response, which should cause your browser to prompt for authentication.


Does connect:
[root@phs-proxy squid]# tail -f access.log | grep www.k12.ar.us 1211985582.423 71 170.211.xxx.31 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher DIRECT/165.29.214.2 text/html
1211985605.978     27 170.211.xxx.31 TCP_MISS/401 2277 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher DIRECT/165.29.214.2 text/html
1211985606.002     25 170.211.xxx.31 TCP_MISS/304 414 GET http://www.k12.ar.us/secure/smspo/smspo.htm rasher NONE/- -
1211985606.077     61 170.211.xxx.31 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/awmmenupath.gif rasher DIRECT/165.29.214.2 text/html
1211985606.103     26 170.211.xxx.31 TCP_MISS/401 2277 GET http://www.k12.ar.us/secure/smspo/awmmenupath.gif rasher NONE/- text/html
1211985606.130     26 170.211.xxx.31 TCP_MISS/404 1991 GET http://www.k12.ar.us/secure/smspo/awmmenupath.gif rasher NONE/- text/html
1211985606.234     71 170.211.xxx.31 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/bg.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.259     24 170.211.xxx.31 TCP_MISS/401 2277 GET http://www.k12.ar.us/secure/smspo/bg.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.263     49 170.211.xxx.31 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/topmenu.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.267     53 170.211.xxx.31 TCP_MISS/401 2145 GET http://www.k12.ar.us/secure/smspo/mid.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.281     21 170.211.xxx.31 TCP_MISS/304 413 GET http://www.k12.ar.us/secure/smspo/bg.jpg rasher NONE/- -
1211985606.286     23 170.211.xxx.31 TCP_MISS/401 2277 GET http://www.k12.ar.us/secure/smspo/topmenu.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.291     23 170.211.xxx.31 TCP_MISS/401 2277 GET http://www.k12.ar.us/secure/smspo/mid.jpg rasher DIRECT/165.29.214.2 text/html
1211985606.314     26 170.211.xxx.31 TCP_MISS/304 412 GET http://www.k12.ar.us/secure/smspo/topmenu.jpg rasher NONE/- -
1211985606.314     22 170.211.xxx.31 TCP_MISS/304 413 GET http://www.k12.ar.us/secure/smspo/mid.jpg rasher NONE/- -

Wow. Not a single TCP_MISS/200 or TCP_HIT/200. The only requests that succeeded were cached content (TCP_MISS/304, with a parent of NONE). So, from the evidence given, the machine that is "working" only appears to be working because it is able to wrest a response from the cache that allows it to use its locally cached copy...

Thanks,
Rob


-------------------------------------
Rob Asher
Network Systems Technician
Paragould School District
(870)236-7744 Ext. 169

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux