Hello, I have two web servers running apache behind squid. The application on the apache is php written and requests authentication which is passed by http digest. When I try to get to the web servers directly the application works. But through squid I find that squid removes the http digest header and replaces it with its own basic authentication (proxy_auth is not enabled). This is taken from squid access log: http://squid-server/xadmin/mk.php - ROUNDROBIN_PARENT/squid-server text/html Host:%20squid-server%0D%0AUser-Agent:%20Mozilla/5.0%20(Windows;%20U;%20Windows%20NT%206.1;%20en-US;%20rv:1.9.2.16)%20Gecko/20110319%20Firefox/3.6.16%20GTB7.1%0D%0AAccept:%20text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8%0D%0AAccept-Language:%20en-us,en;q=0.5%0D%0AAccept-Encoding:%20gzip,deflate%0D%0AAccept-Charset:%20ISO-8859-1,utf-8;q=0.7,*;q=0.7%0D%0AKeep-Alive:%20115%0D%0AConnection:%20keep-alive%0D%0AAuthorization:%20Digest%20username=%22dev%22,%20realm=%22xadmin%22,%20nonce=%22b1ffe1477deafad5554a0632ad8fba1c%22,%20uri=%22/xadmin/mk.php%22,%20algorithm=MD5,%20response=%22625715996fe71c2fec61d4f6f1514150%22,%20opaque=%22d75db7b160fe72d1346d2bd1f67bfd10%22,%20qop=auth,%20nc=00000001,%20cnonce=%227dad729a5d7d6eae%22%0D%0A This is the header that gets to the web server: 0x0040: 6d6b 2e70 6870 2048 5454 502f 312e 300d mk.php.HTTP/1.0. 0x0050: 0a48 6f73 743a 2061 7474 2e71 612e 7770 .Host:.squid-server xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ..User- 0x0070: 4167 656e 743a 204d 6f7a 696c 6c61 2f35 Agent:.Mozilla/5 0x0080: 2e30 2028 5769 6e64 6f77 733b 2055 3b20 .0.(Windows;.U;. 0x0090: 5769 6e64 6f77 7320 4e54 2036 2e31 3b20 Windows.NT.6.1;. 0x00a0: 656e 2d55 533b 2072 763a 312e 392e 322e en-US;.rv:1.9.2. 0x00b0: 3136 2920 4765 636b 6f2f 3230 3131 3033 16).Gecko/201103 0x00c0: 3139 2046 6972 6566 6f78 2f33 2e36 2e31 19.Firefox/3.6.1 0x00d0: 3620 4754 4237 2e31 0d0a 4163 6365 7074 6.GTB7.1..Accept 0x00e0: 3a20 7465 7874 2f68 746d 6c2c 6170 706c :.text/html,appl 0x00f0: 6963 6174 696f 6e2f 7868 746d 6c2b 786d ication/xhtml+xm 0x0100: 6c2c 6170 706c 6963 6174 696f 6e2f 786d l,application/xm 0x0110: 6c3b 713d 302e 392c 2a2f 2a3b 713d 302e l;q=0.9,*/*;q=0. 0x0120: 380d 0a41 6363 6570 742d 4c61 6e67 7561 8..Accept-Langua 0x0130: 6765 3a20 656e 2d75 732c 656e 3b71 3d30 ge:.en-us,en;q=0 0x0140: 2e35 0d0a 4163 6365 7074 2d45 6e63 6f64 .5..Accept-Encod 0x0150: 696e 673a 2067 7a69 702c 6465 666c 6174 ing:.gzip,deflat 0x0160: 650d 0a41 6363 6570 742d 4368 6172 7365 e..Accept-Charse 0x0170: 743a 2049 534f 2d38 3835 392d 312c 7574 t:.ISO-8859-1,ut 0x0180: 662d 383b 713d 302e 372c 2a3b 713d 302e f-8;q=0.7,*;q=0. 0x0190: 370d 0a56 6961 3a20 312e 3120 6174 7471 7..Via:.1.1.xxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.(squid/ 0x01b0: 322e 362e 5354 4142 4c45 3231 290d 0a58 2.6.STABLE21)..X 0x01c0: 2d46 6f72 7761 7264 6564 2d46 6f72 3a20 -Forwarded-For:. 0x01d0: 3139 322e 3136 382e 302e 3731 0d0a 5072 192.168.0.71..Pr 0x01e0: 6f78 792d 4175 7468 6f72 697a 6174 696f oxy-Authorizatio 0x01f0: 6e3a 2042 6173 6963 2055 4546 5455 3152 n:.Basic.UEFTU1R 0x0200: 4955 6c55 3d0d 0a41 7574 686f 7269 7a61 IUlU=..Authoriza 0x0210: 7469 6f6e 3a20 4261 7369 6320 5545 4654 tion:.Basic.UEFT 0x0220: 5531 5249 556c 553d 0d0a 4361 6368 652d U1RIUlU=..Cache- 0x0230: 436f 6e74 726f 6c3a 206d 6178 2d61 6765 Control:.max-age 0x0240: 3d32 3539 3230 300d 0a0d 0a =259200.... This is squid config: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost icp_access allow all http_port 3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache visible_hostname attqalb coredump_dir /var/spool/squid cache_dir null /null http_port 192.168.68.167:80 vhost cache_peer 192.168.68.155 parent 80 0 no-query connection-auth=off login=PASSTHRU originserver round-robin name=web1 cache_peer 192.168.68.156 parent 80 0 no-query connection-auth=off login=PASSTHRU originserver round-robin name=web2 cache deny all server_persistent_connections on http_access allow all please help. This message, together with its attachments, contains information from WebsPlanet Ltd., which is privileged and confidential. If you are not the intended recipient or you have received this message in error, then please notify us immediately by e-mail to info@xxxxxxxxxxxxxx, and delete all copies of this message and its attachments.