Hi all,
I have a solution in place with a dedicated squid LXC container (v
3.1.20-2.2).
Both http and https proxy run on default port 3128.
HTTPS is tunneled in HTTP using CONNECT.
There is no authentication in place and both are working fine.
For testing purposes we also use an Apache (v 2.2.22-13) proxy
forwarder running on a different machine on port 80 as "aproxy".
Config below:
# Authenticated proxy for testing purposes
# We forward http/s requests to the local proxy server
ProxyRequests On
ProxyVia On
ProxyRemote http http://proxy.example.internal:3128
ProxyRemote https http://proxy.example.internal:3128
ProxyDomain .example.internal
NoProxy .example.internal 192.168.x.x/22
<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.x.x/22
AuthType Basic
AuthName ProxyAuth
AuthUserFile /etc/apache2/proxypasswd
Require valid-user
</Proxy>
This is working as expected for http requests:
1. Unauthenticated (failure):
$ http_proxy=http://aproxy:80
$ wget http://example.com 2>&1 | grep response
Proxy request sent, awaiting response... 407 Proxy Authentication Required
2. Username with password (success):
$ http_proxy=http://username1:password@aproxy:80
$ wget http://example.com 2>&1 | grep response
Proxy request sent, awaiting response... 200 OK
3. Username without password (success):
$ http_proxy=http://username2:@aproxy:80
$ wget http://example.com 2>&1 | grep response
Proxy request sent, awaiting response... 200 OK
My PROBLEM is I can't find a way to use authentication for
proxied https requests.
From a LAN client trying to establish connection:
$ echo $http_proxy
http://username1:password@aproxy:80
$ echo $https_proxy
http://username1:password@aproxy:80
$ wget --server-response https://example.com 2>&1
--2018-03-29 15:20:44-- https://example.com/
Resolving aproxy (aproxy)... 192.168.x.x
Connecting to aproxy (aproxy)|192.168.x.x|:80... connected.
Proxy tunneling failed: Service Temporarily UnavailableUnable to establish SSL connection.
On "aproxy" only one line in apache error log (even in debug
mode):
[Thu Mar 29 15:21:59 2018] [error] (111)Connection refused: proxy: CONNECT: attempt to connect to 93.184.216.34:443 (example.com) failed
Nothing is logged on squid "proxy" which is the next hop.
What's the easiest way to enable authenticated https proxying?
I don't want to enable it for our main production proxy:3128
Or maybe it's already supposed to work but I'm missing something?
Please advise.
Thanks
Adam
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
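Added example, not part of the original post or of either proxy project: a small Python probe that sends the CONNECT request a client such as wget issues for an https URL, with or without Basic proxy credentials, and classifies the proxy's reply so a 407 (authentication) can be told apart from a 5xx (forwarding). The function names and the mapping of status codes to hops are assumptions made for illustration.

```python
import base64
import socket


def connect_request(target, user=None, password=""):
    """Build the CONNECT request sent to a forward proxy for an https URL.

    target is "host:port"; credentials go in Proxy-Authorization (Basic),
    which is what http://user:pass@proxy in https_proxy turns into.
    """
    lines = [f"CONNECT {target} HTTP/1.1", f"Host: {target}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def classify(reply):
    """Return (status_code, meaning) from the proxy's status line.

    The meanings are an assumed reading: auth is checked before the
    request is forwarded, so a 5xx implies the credentials were accepted.
    """
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, "not an HTTP reply"
    code = int(parts[1])
    if code == 407:
        return code, "proxy rejected or did not receive credentials"
    if 200 <= code < 300:
        return code, "tunnel established"
    if code in (502, 503, 504):
        return code, "auth passed, proxy could not reach next hop or origin"
    return code, "other proxy response"


def probe(proxy_host, proxy_port, target, user=None, password="", timeout=5):
    """Send one CONNECT to the proxy and classify the first reply bytes."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(connect_request(target, user, password))
        return classify(s.recv(4096))


if __name__ == "__main__":
    # Constructed sample replies, matching the status texts quoted in the post.
    print(classify(b"HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
    print(classify(b"HTTP/1.1 503 Service Temporarily Unavailable\r\n\r\n"))
```

Running `probe("aproxy", 80, "example.com:443", "username1", "password")` from a LAN client and then again without credentials shows whether the failure is in the authentication step or in the forwarding step.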