[squid-users] Can not pass Squid basic authentication

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 1 13:13:43 UTC 2015


On 1/10/2015 10:41 p.m., birbird wrote:
> Hi All,
> 
> 
> I have set up basic authentication for Squid, but I can not get past it from the browser; I am just asked to input user/password time and time again.
> 
> 
> I was stuck at, the command
> /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> does not give any output. I think it means squid can not get the authentication info. But I have no idea what to do next.
> 
> 
> I create my password by
> htpasswd -d /etc/squid/squid_passwd dan

Try using -m instead of -d.

> 
> 
> My squid config is
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> acl ncsa_users proxy_auth REQUIRED
> 
> http_access allow ncsa_users
> 

Is that the entire access control configuration?

If so, it is missing the basic security protections against tunnel abuse
and protocol smuggling. aka;

  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_Ports

These should be above the auth checks to reduce DoS vulnerabilities.

Amos
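
The ordering advice above, written as a check that can be run over a squid.conf. This is an added example, not code from the thread or from the Squid project. The function name `check_order`, the sample `CORRECTED` config and its ACL definitions (modelled on the stock squid.conf, port list shortened) are assumptions; ACL names are compared case-insensitively as a choice of this checker only.

```python
# Config as posted in the thread: the auth rule is the only http_access line.
POSTED = """\
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
"""

# Constructed sample: ACL definitions modelled on the stock squid.conf
# (assumption), with the two deny rules placed above the auth check.
CORRECTED = """\
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535   # shortened list
acl CONNECT method CONNECT
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ncsa_users
http_access deny all
"""

# Rules that must appear before any rule that triggers authentication.
REQUIRED = [("deny", ["!safe_ports"]), ("deny", ["connect", "!ssl_ports"])]

def check_order(conf):
    """Return the required deny rules that are missing above the first auth rule."""
    auth_acls, rules = set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] in ("proxy_auth", "proxy_auth_regex"):
            auth_acls.add(tok[1].lower())           # remember ACLs that need credentials
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], [t.lower() for t in tok[2:]]))
    # Index of the first http_access line that references an auth ACL.
    first_auth = next((i for i, (_, acls) in enumerate(rules)
                       if any(a.lstrip("!") in auth_acls for a in acls)), len(rules))
    before = rules[:first_auth]
    return ["http_access %s %s" % (act, " ".join(acls))
            for act, acls in REQUIRED if (act, acls) not in before]

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, "->", check_order(conf) or "ok")
```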

