Search squid archive

Re: Upstream Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/15/22 09:51, Johnathan Hasty wrote:
I’ve been trying to hand off credentials to our upstream proxy GoGuardian and have been facing many issues.
What HTTP authentication method(s) or scheme(s) does your upstream proxy support or require? 



HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Secure Browsing"
This is not my area of expertise, but the above error message suggests that the proxy wants to do HTTP Basic authentication, but you are configuring Squid to use NEGOTIATE, so perhaps you should switch to Basic as the next step in your triage, just to get something working (cache_peer ... login=user:password)?
Sharing what CONNECT request headers Squid sends to the parent proxy may be useful as well, but do not use any secrets in your test traffic if you are going to share such details. If you still have that cache.log, look for "Tunnel Server REQUEST" associated with conn2126. 


HTH,

Alex.
Has anyone gotten Squid to successfully hand off to GoGuardian as their upstream proxy? 

Advanced ACLs:
cache_peer gateway.goguardian.com parent 443 0 no-query no-digest no-netdb-exchange connect-timeout=60 default tls login=NEGOTIATE:principal_name sslcapath=/usr/local/share/ca-certificates/ 

cache_peer_access gateway.goguardian.com allow all

never_direct allow all

Log snipit:
2022/06/30 15:22:49.198 kid1| 5,3| IoCallback.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fIoCallback.cc&c=E,1,tkT-dyHiVAqZoP7tVfxLk3RVYLyb_avXd27fXGqjJMTzNKPAGHmmvW9pXYcC425jST0ZYFFPwV4uHf3fKHuux40xkg9kXWTzOHPdGV5BNGbILyA,&typo=1&ancr_add=1>(112) finish: called for conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1 (0, 0)
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCall.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCall.cc&c=E,1,DRAaKArrkDvBn0UuKG4CO_yXvblIrZBSYHpMpA4H7oRhEraoEzGxMCRwZJpYUsTM63vFW1Co7R0A33jgXq0EZyS1JcelCRUFXLjE5tQ-siWuoU0bbvc,&typo=1&ancr_add=1>(96) ScheduleCall: IoCallback.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fIoCallback.cc&c=E,1,bCxz0FVR5jkr6lvnOvzW7e6G8tQBNRlVCCbel3ASQC74rRdj29Wxcj66G7Jit7W9Qdbz8catGFZxEEbA6bR1lmzxqhKOAxPRfaraHkB0Kq0,&typo=1&ancr_add=1>(131) will call Http::Tunneler::handleReadyRead(conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, data=0x55849f4926c8) [call548666]
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCallQueue.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCallQueue.cc&c=E,1,Ne0y7JJW7fBc_1MyCR5zK2LlFshqIfjXRI-DDHdH5PeY44sZtFyGkRMXgYLpMqHYj17Z8PToa57tNyAfAp6EUkVwM3SHgK37ObzCJYBj&typo=1&ancr_add=1>(59) fireNext: entering Http::Tunneler::handleReadyRead(conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, data=0x55849f4926c8)
2022/06/30 15:22:49.198 kid1| 93,3| AsyncCall.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncCall.cc&c=E,1,o0OzDC7879yEvRQoXyqb11XnNW2f6RJwmh1OP5vYSK4ukmnOFcBmRwtorjA94HFXF2MO38TdGcH68cNv4LkX122TcPK1Gwh5xQXTTnzhZCk0N4c,&typo=1&ancr_add=1>(41) make: make call Http::Tunneler::handleReadyRead [call548666]
2022/06/30 15:22:49.198 kid1| 93,3| AsyncJob.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fAsyncJob.cc&c=E,1,0XdqwD1hHo1N94DousFFhRiwV1YBiWmgmGgnmN3ivpK14dkV-pET6DcSkS2X_BoPOU0rcff0Z8GMOM6Se71G_crDtF1V4AWKNym2mjdbxuqKI47TC0GqeVQ,&typo=1&ancr_add=1>(123) callStart: Http::Tunneler status in: [state:w FD 24 job3836]
2022/06/30 15:22:49.198 kid1| 83,3| Session.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fSession.cc&c=E,1,5pwOO8oysGpMl2UW2Xm5P9KkR_3HsM1xcAdWaqJ5W67u3ht9dZCWWqKu-yt1JrDyn7NvUNMMfVsPhYQQ6rNYqmGGLwDuReUm7h6KmDVvRXk9hFQ,&typo=1&ancr_add=1>(36) tls_read_method: started for session=0x55849f86d970
2022/06/30 15:22:49.198 kid1| 5,3| Read.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fRead.cc&c=E,1,YRndcJz2bAhwR1PdmoQI8sRvkmjGdcO5EIyIIpp4iqwmuG7h-eaf-3lfNBR39-ZO7iGAxJ7K0S_cHbSgNtNlm0fjWnm8WFDq58f6THu4DI699rCS7t0,&typo=1&ancr_add=1>(93) ReadNow: conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1, size 65535, retval 172, errno 0
2022/06/30 15:22:49.198 kid1| 11,2| HttpTunneler.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,7NW0kgZsy7tR63h5jeGLIfWqkf7MZMOiNKoehdSMu4P8C_Cyj5_2ApYRUA6cZWFOqSGAjikQJc_BpXOW4-kzssgabw7mHmj9JehJw69jCPqdH0f2XA,,&typo=1&ancr_add=1>(328) handleResponse: Tunnel Server conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1
2022/06/30 15:22:49.198 kid1| 11,2| HttpTunneler.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,3NizLysV5Gx9r_j5gTGoxUw_3T9zdjGtQ-DV4EhtvlwXKEzULXHluYnJByOJiEPPnVnNQqchSO6-31x_mXrtC-9VAHF1Rvi3G4KI9KdJOjbjUelpts2rPuVSNQ,,&typo=1&ancr_add=1>(329) handleResponse: Tunnel Server RESPONSE: 

---------

HTTP/1.1 407 Proxy Authentication Required

Proxy-Authenticate: Basic realm="Secure Browsing"

Date: Thu, 30 Jun 2022 15:22:49 GMT

Content-Length: 0

Connection: close

----------
2022/06/30 15:22:49.198 kid1| 83,3| HttpTunneler.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fHttpTunneler.cc&c=E,1,GviZgdhx9RYhEwKjYE8dVgxbEl8iol-igCMYAgae4yqcKPIFswYtt6EwZhF84hnL-ef9RpuZwEHsx85Xll9B5Gfbg7d2dHfIF34rKZsAxv6qOdMumpxPDQ,,&typo=1&ancr_add=1>(350) bailOnResponseError: unsupported CONNECT response status code [state:w FD 24 job3836]
2022/06/30 15:22:49.198 kid1| TCP connection to gateway.goguardian.com/443 <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fgateway.goguardian.com%2f443&c=E,1,uAPXOfc9RgeMJ4nUQAbfSdcSO5Uq43sRY-gZmY85itIayxn-UVioUUW3XRszjHa-yYb6rECJlsja0UO3JoB46gLeuYZSjXkRbee8lCx9qDg8UMVty1UFtdYA&typo=1> failed 

     current master transaction: master1228
2022/06/30 15:22:49.198 kid1| 15,2| neighbors.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fneighbors.cc&c=E,1,A9XtxL5DCKCd251CIXugkhx4aCzF9hXbpTke-TobSR1fyAJvDoqwTFq1cEcOoZJtiMbGKIRMTAdNo4BJFSkXvu8VJe16TUWacR3bLvbydug1knZSGkBYCZ0,&typo=1&ancr_add=1>(1284) peerConnectFailedSilent: TCP connection to gateway.goguardian.com/443 <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fgateway.goguardian.com%2f443&c=E,1,dGVDR_a1JorHZeL7cCLZZYEKPcdKNP8q3xqZrI0znu3mp7ytE8irVnBC73FhdcWJ5M0-LWIn2Mn0GzYRz6V0M_GYqDtl_rvKTY_dWhrXIAFI1UpgdRqKz0hp&typo=1> dead
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,_FSTyaiA0rkYHZ4Z7eAL4TwtVx69LC8zbzD277h9yuyffbapL47ZpB_oWH20eRbFct1TQy0vmI_r1caTRPIqNuxhiZ7iYIATofZyGH8m1ZkJn-_Pj74,&typo=1&ancr_add=1>(597) commUnsetConnTimeout: Remove timeout for conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,2X_UeJ7syPVMh46zfITvmAcOXeJskvfXEcgk8IyJC4YzRQfPu92bh2NzVodZ0n4ZRK7THXkr0YSUqM7xqyqJCvdnyd9FAu6HfF5w6S0BZI45WZI8zKdCZe8,&typo=1&ancr_add=1>(571) commSetConnTimeout: conn2126 local=10.56.1.3:59674 <http://10.56.1.3:59674> remote=18.213.126.143:443 <http://18.213.126.143:443> FIRSTUP_PARENT FD 24 flags=1 timeout -1
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,FfkOe7rgvl24KtYbMnfkVwBEdxcDHC1Qli-TWnd49Qh8gDEi83POkLUjbin88NBj9wz0eUa5EXJAjwxomX4QO4zLvkDabeKXKYlG6AdnYeWwBQX65a999EDQfHg,&typo=1&ancr_add=1>(877) _comm_close: start closing FD 24 by Connection.cc:108 <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fConnection.cc%3a108&c=E,1,WyC_uIlGcAERUMOzZEzNpvTD0VNtdyMCu8_98mxi45Tfb8tS1Sk-xPVV7uo29dppxC6E7neNtZYKqy1MhMyuLt8f0VUXYaTTfg2ke0mgXESQjraUm9zxRlRV&typo=1&ancr_add=1>
2022/06/30 15:22:49.198 kid1| 5,3| comm.cc <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcomm.cc&c=E,1,3Gy87egR90ZnusSy5exBZU0res4kBdHXTtCKE_jPDFJ67k-PY9AWyJYQlbMs93MRcEX4tmriDwIFkUn6n7F57YT-OWPTUDgMXKLJDMijoQr3ETZ_4qmLyO3mxoc,&typo=1&ancr_add=1>(558) commUnsetFdTimeout: Remove timeout for FD 24 


Best Regards,

Johnathan

*_______________________________________________________*

**

*Johnathan Hasty*

Senior DevOps Engineer

Uncommon Schools

C: 989.366.1672

*Un*common Schools | Change History
Website <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.uncommonschools.org%2f&c=E,1,cWhZ9NA37cAb3SSkIYkr5EbwjBXA_1ECEBWI1BpFOMixjdXiqIYF5NH_rpjuRqGzBt9Av6GCLPt7UYFH62vFjyLlBBvmIAwJtSORWZeE&typo=1> | Facebook <http://www.facebook.com/uncommonschools> | Twitter <http://www.twitter.com/uncommonschools> | LinkedIn <http://www.linkedin.com/company/124759?trk=tyah> | Apply Now <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.uncommonschools.org%2fcareers&c=E,1,rgbpQND7NOQlb8Jv2r2mLOBnCdzuRSxPkW0uIyooMP2TwhUotzeHZQjvRKQyUr3gDLWXSyG1jhOH92Ub7jL9_5wTQc42_HkbPCyQS5oyArE,&typo=1> 


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux