Kaya Saman wrote:
Hi, this is my first post although been running Squid for a little while am still very new to it as I'm just transitioning between being an ex-student to a junior professional with UNIX stuff :-) Basically here's the issue: I would like to access some services in my network protected by .htaccess uname/passwd authentication, however when I enter the uname/passwd combo I get kicked out and the enter uname/passwd dialog box comes up again.... I have come to believe that this is a Squid issue as Apache works fine internally on my intranet with this authentication method/procedure. No logs in Apache claim that there has been an error so I'm reckoning that Squid cannot forward the http authentication headers somehow. I have been instructed on the Apache users mailing list to check up auth basic realm only I couldn't find and understand exactly what I need to do as in Squid config file there is something which says: #auth_param basic realm Squid proxy-caching web server I have enabled this option and restarted Squid only to have no effect!!! Squid is being used as a reverse proxy so I am really stuck on what to do....
From http://www.squid-cache.org/Versions/v2/2.6/cfgman/cache_peer.html...
use 'login=PASS' if users must authenticate against the upstream proxy or in the case of a reverse proxy configuration, the origin web server. This will pass the users credentials as they are to the peer. Note: To combine this with local authentication the Basic authentication scheme must be used, and both servers must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server). Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION
Someone on the Apache mailing list gave me a plugin for firefox to detect http headers and save them of which the relevant output is this: [code] ---------------------------------------------------------- http://zeta-ray.optiplex-networks.com/munin/ GET /munin/ HTTP/1.1 Host: zeta-ray.optiplex-networks.com User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090 217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: Basic YWRtaW46U2NscjExWFA5OQ==
And change that password everywhere it's used. :o) Basic authentication just encodes the credentials using Base64, which is reversible.
HTTP/1.x 401 Unauthorized Date: Wed, 14 Oct 2009 09:57:23 GMT Server: Apache/2.2.3 (Red Hat) WWW-Authenticate: Basic realm="Restricted Files" Content-Length: 497 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from NetraT1-Proxy Via: 1.0 NetraT1-Proxy:80 (squid/2.6.STABLE15) Connection: close ---------------------------------------------------------- [/code] It seems like Squid isn't parsing anything to the Apache server behind it! Can anyone help me on what's going on??? Many thanks!
Chris
