[squid-users] random forward proxy authentication pop-up

Berkes, David David.J.Berkes at pjc.com
Mon Jul 27 16:21:32 UTC 2015 

Here is the information requested.  From the log, everything looks to be normal.  The log example is from the cdn0.vox-cdn.com traffic.




**** ORIGIN URL's
pixel.adsafeprotected.com
cdn0.vox-cdn.com
sb.scorecardresearch.com

**** SQUID LOG
access.log.2:1437683164.693      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683164.815      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683164.815      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683164.816      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683164.816      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683164.816      0 70.197.241.219 TCP_DENIED/407 4213 CONNECT cdn0.vox-cdn.com:443 - HIER_NONE/- text/html
access.log.2:1437683166.464   1590 70.197.241.219 TCP_TUNNEL/200 29114 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -
access.log.2:1437683166.464   1590 70.197.241.219 TCP_TUNNEL/200 72579 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -
access.log.2:1437683166.464   1582 70.197.241.219 TCP_TUNNEL/200 39476 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -
access.log.2:1437683166.464   1583 70.197.241.219 TCP_TUNNEL/200 5909 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -
access.log.2:1437683167.244   2354 70.197.241.219 TCP_TUNNEL/200 59238 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -
access.log.2:1437683167.244   2362 70.197.241.219 TCP_TUNNEL/200 75369 CONNECT cdn0.vox-cdn.com:443 proxyid HIER_DIRECT/54.192.120.85 -

**** CONFIG
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive on

acl whitelist1 dstdomain pipergo.pjc.com .apple.com .yahoo.com .wp.com
acl whitelist2 dstdom_regex (^|\.)*img\.com$
acl ncsa_users proxy_auth REQUIRED

http_access allow whitelist1
http_access allow whitelist2
http_access allow ncsa_users
http_access deny all

cache_mem 4096 MB
memory_cache_mode always
refresh_pattern . 1440 100% 525949 ignore-auth
cache_dir aufs /squid/cache 40000 128 512
maximum_object_size 200 MB
maximum_object_size_in_memory 2 MB
cache_swap_low 90
cache_swap_high 95
buffered_logs on

#
half_closed_clients off
memory_pools off

# DNS-record cache
ipcache_size 10240
ipcache_low 90
ipcache_high 95
negative_dns_ttl 5 minutes

# listening port
http_port 3128

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Antony Stone
Sent: Monday, July 27, 2015 11:08 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] random forward proxy authentication pop-up

On Monday 27 Jul 2015 at 16:53, Berkes, David wrote:

> I have squid configured as a forward proxy with basic authentication.
> All traffic flows as expected, but periodically I get an
> authentication pop-up indicating an origin server is requiring
> credentials.  I check the URL via non-proxy browser and does not ask
> for proxy credentials?  So to summarize.  Some origin URL's past the
> forward proxy are asking for basic authentication credentials.  These
> are not secured with authentication, but give me a pop-up asking for
> credentials?  Any help would be appreciated.

It would help if you gave us:

a) an example URL which demonstrates this behaviour

b) the corresponding entries from your Squid access log when the above described behaviour occurs

c) your squid.conf without comments or blank lines.

Without the above information we'd just be guessing at what an unknown squid configuration does with an unknown URL, and we don't have the log file to debug the problem.


Regards,


Antony.

--
"The problem with television is that the people must sit and keep their eyes glued on a screen; the average American family hasn't time for it."

 - New York Times, following a demonstration at the 1939 World's Fair.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
________________________________


Piper Jaffray & Co. Since 1895. Member SIPC and NYSE. Learn more at www.piperjaffray.com. Piper Jaffray corporate headquarters is located at 800 Nicollet Mall, Minneapolis, MN 55402.

Piper Jaffray outgoing and incoming e-mail is electronically archived and recorded and is subject to review, monitoring and/or disclosure to someone other than the recipient. This e-mail may be considered an advertisement or solicitation for purposes of regulation of commercial electronic mail messages. If you do not wish to receive commercial e-mail communications from Piper Jaffray, go to: www.piperjaffray.com/do_not_email to review the details and submit your request to be added to the Piper Jaffray "Do Not E-mail Registry." For additional disclosure information see www.piperjaffray.com/disclosures

More information about the squid-users mailing list