[squid-users] Query about login=pass

Amos Jeffries squid3 at treenet.co.nz
Sun Apr 3 23:54:46 UTC 2016

On 4/04/2016 12:46 a.m., Sreenath BH wrote:
> Hi Amos,
> Thanks for the information.
> We are not using any helpers in the first squid, no ICAP/rCAP as well.

Aha. That will be the problem then. With no helper to make Squid aware
that there is anything special about the WWW-Auth headers they will get
dropped on arrival.
Note that Authorization header going out from Squid to the origin is
*Squid* login to the origin, not the clients. WWW-Auth is only passed
through forward-proxy.

> I remember seeing that the copyHeaders function was actually copying
> the Authorization header, but not sending it out. Since our servers
> have been rebooted unfortunately I can not provide the log file
> contents here.
> If I change login=PASS to login=PASSTHRU, will squid always send all
> received headers upstream.

Yes Squid will send the auth credentials from the client as its own. And
send the origins challenge (if any) back to the client.

> Also you mention that if the upstream server "does not request login"
> squid will not send Authentication headers. How does one make the
> upstream ask for Basic authorization?

That is software specific config, so I can't say specifically what you
will need.


More information about the squid-users mailing list