[squid-users] nonce_garbage_interval problem?

Athos Fiolo afiolo at came.com
Thu Oct 22 09:58:56 UTC 2015


Hi, I'm facing a problem with the digest auth server responses.

Client requests a page, server responds with 407 + nonce, client gets the page correctly.
At every "200 OK" response the server sends a "Proxy-Authentication-Info: nextnonce ..." header, even if the "nonce_garbage_interval" is 5 minutes.
Client then tries to get the next page using the same auth data used before (this is a client problem, not involving squid), gets a 407 + new nonce, then gets the page correctly by making a new request with the new auth params.

The Squid problem here is that the server gives the "nextnonce" header in every "200 OK" response.

POST http://my.server.com/my/page HTTP/1.1
[...]

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: [digest info, nonce="<nonce1>"]
[...]

POST http://my.server.com/my/page HTTP/1.1
Proxy-Authorization: [digest info, nonce="<nonce1>"]
[...]

HTTP/1.1 200 OK
Proxy-Authentication-Info: nextnonce="<nonce2>"
[...]
(gives a new nonce at every 200 OK answer)

POST http://my.server.com/my/page HTTP/1.1
Proxy-Authorization: [digest info, nonce="<nonce1>"]
[...]
(client using the old auth params..)

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: [digest info, nonce="<nonce3>"]
[...]

POST http://my.server.com/my/page HTTP/1.1
Proxy-Authorization: [digest info, nonce="<nonce3>"]
[...]

HTTP/1.1 200 OK
Proxy-Authentication-Info: nextnonce="<nonce4>"
[...]

...

squid.conf digest settings:

#  TAG: auth_param
auth_param digest program /usr/bin/php /etc/squid3/mydigestscript.php
auth_param digest children 5
auth_param digest realm MyProxyRealm
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 2 hours
auth_param digest nonce_max_count 50

Any suggestion?


Athos Fiolo
Software Engineer
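
The client-side nonce handling that the exchange above depends on, as an added example that is not part of the original post and is not Squid or client code: a digest client that adopts nextnonce from Proxy-Authentication-Info and restarts its nonce count, so the next request is not answered with a 407. It assumes MD5 with qop=auth; the class name, credentials and nonce strings are constructed for illustration.

```python
import hashlib
import re
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_params(value):
    """Return the key=value / key="value" auth-params of a header value."""
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', value)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

class ProxyDigestState:
    """Client-side nonce bookkeeping for one proxy (MD5, qop=auth assumed)."""

    def __init__(self, username, password):
        self.username, self.password = username, password
        self.realm = self.nonce = None
        self.nc = 0

    def on_challenge(self, proxy_authenticate):
        # 407: adopt the nonce from Proxy-Authenticate and restart the count.
        p = parse_params(proxy_authenticate)
        self.realm, self.nonce, self.nc = p["realm"], p["nonce"], 0

    def on_auth_info(self, proxy_authentication_info):
        # 200 OK: a nextnonce replaces the current nonce for the next request.
        nxt = parse_params(proxy_authentication_info).get("nextnonce")
        if nxt and nxt != self.nonce:
            self.nonce, self.nc = nxt, 0

    def authorization(self, method, uri, cnonce=None):
        # Build the Proxy-Authorization value for the next request.
        cnonce = cnonce or secrets.token_hex(8)
        self.nc += 1
        nc = f"{self.nc:08x}"
        ha1 = md5_hex(f"{self.username}:{self.realm}:{self.password}")
        ha2 = md5_hex(f"{method}:{uri}")
        response = md5_hex(f"{ha1}:{self.nonce}:{nc}:{cnonce}:auth:{ha2}")
        return (f'Digest username="{self.username}", realm="{self.realm}", '
                f'nonce="{self.nonce}", uri="{uri}", qop=auth, nc={nc}, '
                f'cnonce="{cnonce}", response="{response}"')

def replay_trace():
    """Replay the exchange above with constructed values; return both headers."""
    state = ProxyDigestState("user", "secret")  # constructed credentials
    state.on_challenge('Digest realm="MyProxyRealm", qop="auth", nonce="nonce1"')
    first = state.authorization("POST", "http://my.server.com/my/page", "c1")
    state.on_auth_info('nextnonce="nonce2"')
    second = state.authorization("POST", "http://my.server.com/my/page", "c2")
    return first, second
```
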