On 17.07.2012 07:35, Peter Olsson wrote:
Hello!
On Mon, Jul 16, 2012 at 09:03:00PM +0300, Eliezer Croitoru wrote:
On 7/16/2012 7:05 PM, Peter Olsson wrote:
> We're trying to connect to a remote server that
> requires authentication. This works fine when
> we place the browser client on the Internet, but
> when we place the browser client behind squid the
> authentication popup just returns without accepting
> the login.
can you please be more specific about the topology?
My test setup is very easy. Just a single squid server
in plain proxy mode, using two network interfaces.
One interface towards Internet, the other running a
private network.
I have a single PC client connected to the private interface
in the squid server. There is no connection from the private
network to the Internet without passing through the squid proxy.
The squid server is running 3.2.0.18, with the default
squid.conf installed by the 3.2.0.18 tarball. Only differences
from default squid.conf are my added visible_hostname and
changed http_port from 3128 to 80.
Why?
visible_hostname defaults to the machine system hostname.
port 80 is likely to have interference from any number of firewall,
IDS or other software digging its fingers into the traffic.
There is no transparency or
routing between interfaces configured in the squid server,
just plain proxy from inside to outside.
The external server I'm trying to reach is on the Internet.
If I try to connect to this server through squid, I don't
get authenticated. If I however move the PC client to the
Internet, so it doesn't pass through squid, the authentication
to the external server works fine.
There is a growing collection of known MS software which cannot handle
the HTTP/1.0<->HTTP1/.1 gateway nature of Squid-3.1 series. But this
should not be an issue with 3.2 series.
Please update to the latest beta though before doing more testing.
3.2.0.20 is out and the latest snapshot has some relevant bug fixes.
3.2 would be best to test with since it provide a full HTTP header
trace at "debug_options 11,2". Those header trace will be the best
starting point to track this down.
Amos
