
Re: Squid authentication problem (Amos Jeffries)


 



Hi,

Thanks for the links. So I tried what you suggested and for testing, I was using this simple config:-

http_port 8080
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
external_acl_type checkclient children-max=20 %MYADDR %LOGIN /usr/local/squidauth.py
acl authenticated external checkclient
http_access allow authenticated
cache deny all
forwarded_for delete
request_header_access Via deny all

I made sure that the squidauth.py file was executable and when debugging, I found that the helper processes were running. But nothing was getting passed to the helper processes. In the Python code, I was running a loop which reads lines from the stdin and parses them and writes output to the stdout. I checked and it wasn't getting anything from stdin. (I added a line which reads the input line from stdin and sends it to another server through an HTTP request to make sure if it was getting anything from stdin at all.)

But, when I tried to use the proxy (and of course I was using a username and password that was stored in /etc/squid/passwords), I kept getting the error that authentication was required, i.e. the server was sending back the header Proxy-Authenticate: Basic realm="proxy". I am not sure what I am doing wrong here.

With regards,
Sonya Roy

On Tue, Jun 20, 2017 at 2:49 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 20/06/17 09:15, Amos Jeffries wrote:
On 20/06/17 03:20, Sonya Roy wrote:
Since you are saying the IP that can be passed to the helpers is
configurable, how would I pass the local IP of the server that the
client connected to?

I checked out the helpers you mentioned, there they check which IP the
connection is coming from. Not the local IP of the server that the
client is connected to and they are using %SRC for that.

The external ACL helpers don't know one IP from any other. They simply
check what is given to them against some form of username+ip mapping.


[ with the correct links ]

In Squid-3.5 that would be %MYADDR
<http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html>.

In Squid-4+ it would be %>la
<http://www.squid-cache.org/Versions/v3/3.5/cfgman/logformat.html>


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
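
Added example, not part of the original thread and not one of Squid's bundled helpers: a minimal external ACL helper for the "%MYADDR %LOGIN" format discussed above, checking the pair against a username+ip mapping. The ALLOWED table, its addresses and its user names are constructed for illustration.

```python
#!/usr/bin/env python3
"""Illustrative external_acl_type helper for a "%MYADDR %LOGIN" format line."""
import sys
from urllib.parse import unquote

# Constructed mapping (assumption): local Squid address -> users allowed on it.
ALLOWED = {
    "192.0.2.10": {"alice"},
    "192.0.2.11": {"bob", "j doe"},
}


def decide(line, allowed=ALLOWED):
    """Return the reply line (without newline) for one request from Squid."""
    fields = line.split()
    prefix = ""
    # When helper concurrency is enabled, Squid prepends a numeric channel-ID
    # that has to be echoed at the start of the reply.
    if len(fields) == 3 and fields[0].isdigit():
        prefix = fields[0] + " "
        fields = fields[1:]
    if len(fields) != 2:
        return prefix + "ERR"  # malformed input: fail closed
    myaddr = fields[0]
    login = unquote(fields[1])  # Squid URL-encodes the values it sends
    if login in allowed.get(myaddr, ()):
        return prefix + "OK"
    return prefix + "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer one request per line until Squid closes stdin."""
    for line in iter(stdin.readline, ""):
        stdout.write(decide(line) + "\n")
        # Squid waits for each reply on a pipe, so flush after every line.
        stdout.flush()


if __name__ == "__main__":
    serve()
```

The helper can be exercised by hand before wiring it into squid.conf: run it in a terminal, type a line such as "192.0.2.10 alice", and it should answer OK.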
