Re: Authntication loop

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

csampath wrote:
> Hi ,
>
> Nice to see your quick response.
>
> I compiled with --enable-linux-netfilter configuration. You mean to say
> compile squid with out that flag to run squid  in accel mode ?

No. Reverse-proxy mode "Acceleration" of an internal webserver is 
available by default in current Squid. Where Squid listens on port 80 
and gateways to your master web server.

Port-80 Interception is a different mode and requires such options along 
with "transparent" or "intercept" settings to http_port (can be, but 
best not to have it on the usual proxy port).


> I tried with out vhost and vport . Just giving the defaultsite=XXXXX.xom
>
> request is not going to the correct URL. 
>
> Any suggestion in the config file ?

What usage are you trying to put Squid to? Its hard to give specifics 
when working to a vague assumption.

Amos

> Chris Robertson-2 wrote:
> > csampath wrote:
> > > Hi All,
> > >
> > > I am using squid3.0 satble 15.
> > >
> > > I am facing the authentication loop . For a page to load squid is asking
> > > for
> > > 3 to 5 times (may be for each ajax request)
> > >
> > > When I give wrong password it is saying 
> > >
> > > Sorry, you are not currently allowed to request http://yahoo.com from
> > > this
> > > cache until you have authenticated yourself.
> > >
> > > When I give correct password it is asking repeatedly (for every click) 
> > >
> > > Here is my squid configuration.
> > >
> > >
> > > http_port 3128 accel vport vhost
> > >
> > > auth_param basic program /usr/lib64/squid/squid_radius_auth -f
> > > /etc/squid/squid_radius_conf
> > > auth_param basic children 2
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > > acl radius-auth proxy_auth REQUIRED
> > > http_access deny all !radius-auth
> > > http_access deny  !radius-auth all
> > > http_access allow  all
> > > http_reply_access allow all
> > > visible_hostname localhost
> > > #miss_access allow all
> > > cache deny all
> > > always_direct allow all
> > >
> > > can any one suggest me the order of http_access entries in the
> > > configuration
> > > file?
> > >   
> >  From the information given, I gather that you are running an 
> > interception proxy.  The accel argument to http_port is meant for 
> > acceleration setups, not for interception setups.  I further surmise 
> > that you chose to go the "accel vport vhost" route because using 
> > "transparent" gave configuration errors with authentication.
> >
> > There is a reason for that.  
> > http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe0e21e5c2903473c473d401533ac7
> >
> > > Appreciate your response.
> > >  
> > > Thanks
> > > -Sampath.
> > Chris


--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.8