Search squid archive

Re: Issues with Squid and authenticated sites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On ons, 2008-06-11 at 22:34 -0300, Henrique Machado wrote:

> The problem is: everytime when trying to access a website that asks
> for a user and a password (some FTP sites and even some websites), I
> don´t receive the "INPUT USERNAME AND PASSWORD" box.
> When I had no authentication method running in Squid, I´d get an error
> message "when trying to authenticate. Squid sent the command
> FTP<password> and received the reply ´User anonymous cannot log in´"
> (this one is for FTP sites).

And because you told Squid to access anonymous FTP.

Authenticated FTP uses URLs on the form

   ftp://user:password@host/

with some browsers you can leave out the :password part and Squid will
prompt for the password. Most browsers fail this however...

> All around the world I have searched for an answer, and I always
> received the same one: "Place the username and password in the URL".
> K, fine, that works, partially, because the FTP always opens as
> read-only (and also the idea of having users´s passwords in our log
> files is against our security policy).

Squid does not log the password component of the requested URL.

> The same goes for the websites that require authentication (this
> situation happens mostly when it´s an authentication method from
> Apache or IIS): no authentication box.

That's a different problem. Should work out of the box except for sites
using NTLM authentication. For those you need to use Squid-2.6 or 2.7 as
Squid-3 do not yet have the needed workarounds to play well with
Microsofts bending of the HTTP message model...

Regards
Henrik

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux