On 20/06/17 10:50, Sonya Roy wrote:
Hi, Thanks for the links. So I tried what you suggested and for testing, I was using this simple config:- http_port 8080 auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic realm proxy external_acl_type checkclient children-max=20 %MYADDR %LOGIN /usr/local/squidauth.py acl authenticated external checkclient http_access allow authenticated cache deny all forwarded_for delete request_header_access Via deny all I made sure that the squidauth.py file was executable and when debugging, I found that the helper processes were running. But nothing was getting passed to the helper processes. In the python code, I was running a loop which reads lines from the stdin and parses them and writes output to the stdout. I checked and it wasn't getting anything from stdin. (I added a line which reads the input line from stdin and sends it to another server through a http request to make sure if it was getting anything from stdin at all) But, when I tried to use the proxy(and of course I was using a username and password that was stored in /etc/squid/passwords), I kept getting the error that authentication required, i.e. the server was sending back the header Proxy-Authenticate: Basic realm="proxy". I am not sure what I am doing wrong here.
Sounds to me like the auth_param helper is not accepting the credentials you are testing with. The %LOGIN parameter needs auth to be completed successfully before the ACL helper is called with the resulting username.
Note that the NCSA helper uses a database file (/etc/squid/passwords) of hashes encoded by the Apache htpasswd tool. It is not a plain-text nor Unix passwd file, that difference catches some people out.
To simplify what is going on I would use the following config sequence: acl login proxy_auth REQUIRED http_access deny !login acl userip_check external checkclient http_access allow userip_check http_access deny all Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
