Chris Robertson wrote:
Kaya Saman wrote:
Hi,
this is my first post although been running Squid for a little while
am still very new to it as I'm just transitioning between being an
ex-student to a junior professional with UNIX stuff :-)
Basically here's the issue:
I would like to access some services in my network protected by
.htaccess uname/passwd authentication, however when I enter the
uname/passwd combo I get kicked out and the enter uname/passwd dialog
box comes up again.... I have come to believe that this is a Squid
issue as Apache works fine internally on my intranet with this
authentication method/procedure.
No logs in Apache claim that there has been an error so I'm reckoning
that Squid cannot forward the http authentication headers somehow.
I have been instructed on the Apache users mailing list to check up
auth basic realm only I couldn't find and understand exactly what I
need to do as in Squid config file there is something which says:
#auth_param basic realm Squid proxy-caching web server
I have enabled this option and restarted Squid only to have no
effect!!!
Squid is being used as a reverse proxy so I am really stuck on what
to do....
From http://www.squid-cache.org/Versions/v2/2.6/cfgman/cache_peer.html...
use 'login=PASS' if users must authenticate against the upstream proxy
or in the case of a reverse proxy configuration, the origin web
server. This will pass the users credentials as they are to the peer.
Note: To combine this with local authentication the Basic
authentication scheme must be used, and both servers must share the
same user database as HTTP only allows for a single login (one for
proxy, one for origin server). Also be warned this will expose your
users proxy password to the peer. USE WITH CAUTION
Someone on the Apache mailing list gave me a plugin for firefox to
detect http headers and save them of which the relevant output is
this:
[code] ----------------------------------------------------------
http://zeta-ray.optiplex-networks.com/munin/
GET /munin/ HTTP/1.1 Host: zeta-ray.optiplex-networks.com User-Agent:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090
217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300
Connection: keep-alive Authorization: Basic YWRtaW46U2NscjExWFA5OQ==
And change that password everywhere it's used. :o) Basic
authentication just encodes the credentials using Base64, which is
reversible.
HTTP/1.x 401 Unauthorized Date: Wed, 14 Oct 2009 09:57:23 GMT Server:
Apache/2.2.3 (Red Hat) WWW-Authenticate: Basic realm="Restricted
Files" Content-Length: 497 Content-Type: text/html;
charset=iso-8859-1 X-Cache: MISS from NetraT1-Proxy Via: 1.0
NetraT1-Proxy:80 (squid/2.6.STABLE15) Connection: close
---------------------------------------------------------- [/code]
It seems like Squid isn't parsing anything to the Apache server
behind it!
Can anyone help me on what's going on???
Many thanks!
Chris
