Issues with authentication

[Joe O <notjoe@xxxxxxxxx>]

I have an issue with my browser and squid where they both seem to be stuck in an infinite loop of denied requests.

I have a a helper script that authenticates the user. The script works. Here is an example of the output of authentication 

being successful and not successful.

1. [root@1 ~]# /etc/squid/authenticate.php
2. test1 test1
3. OK
4. test1 test2
5. ERR login failure

So, I am sending the right info back to squid. When I authenticate successfully then squid and my browser play nice and there is no power struggle.

If the authentication fails then I get this:

1. 1476120287.143     24 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
2. 1476120287.143     25 45.63.40.55 TCP_DENIED/407 4253 CONNECT www.facebook.com:443 test HIER_NONE/- text/html
3. 1476120287.143     25 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
4. 1476120287.216     18 45.63.40.55 TCP_DENIED/407 4293 CONNECT www.facebook.com:443 test HIER_NONE/- text/html
5. 1476120287.216      9 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
6. 1476120287.216     15 45.63.40.55 TCP_DENIED/407 4253 CONNECT www.facebook.com:443 test HIER_NONE/- text/html
7. 1476120287.216     15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
8. 1476120287.216     15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
9. 1476120287.216     15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html
10. 1476120287.216     15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com:443 test HIER_NONE/- text/html

Here is my squid config:

1. #
2. # Recommended minimum configuration:
3. #
4.  
5. # Example rule allowing access from your local networks.
6. # Adapt to list your (internal) IP networks from where browsing
7. # should be allowed
8. acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
9. acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
10. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
11. acl localnet src fc00::/7       # RFC 4193 local private network range
12. acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
13.  
14. acl SSL_ports port 443
15. acl Safe_ports port 80    # http
16. acl Safe_ports port 21    # ftp
17. acl Safe_ports port 443  # https
18. acl Safe_ports port 70    # gopher
19. acl Safe_ports port 210  # wais
20. acl Safe_ports port 1025-65535  # unregistered ports
21. acl Safe_ports port 280  # http-mgmt
22. acl Safe_ports port 488  # gss-http
23. acl Safe_ports port 591  # filemaker
24. acl Safe_ports port 777  # multiling http
25. acl CONNECT method CONNECT
26.  
27. http_access deny !Safe_ports
28.  
29. http_access deny CONNECT !SSL_ports
30.  
31. http_access allow localhost manager
32. http_access deny manager
33.  
34. http_access allow localnet
35. http_access allow localhost
36.  
37. auth_param basic program /usr/bin/php /etc/squid/authenticate.php
38. auth_param basic children 5
39. auth_param basic realm Web-Proxy
40. auth_param basic credentialsttl 1 minute
41. auth_param basic casesensitive off
42.  
43. acl db-auth proxy_auth REQUIRED
44. http_access allow db-auth
45. http_access allow localhost
46. http_access deny all
47.  
48. http_port 3128
49.  
50. coredump_dir /var/spool/squid
51.  
52. refresh_pattern ^ftp:      1440       20%    10080
53. refresh_pattern ^gopher:        1440    0%  1440
54. refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
55. refresh_pattern .              0      20%   4320

Everything I’ve read and tried always left me with the same result which was an infinite loop rather than squid returning an unauthorized result page.

Any help would be greatly appreciated.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users