[squid-users] Query about login=pass
Amos Jeffries
squid3 at treenet.co.nz
Sun Apr 3 23:54:46 UTC 2016
On 4/04/2016 12:46 a.m., Sreenath BH wrote:
> Hi Amos,
>
> Thanks for the information.
> We are not using any helpers in the first squid, no ICAP/rCAP as well.
Aha. That will be the problem then. With no helper to make Squid aware
that there is anything special about the WWW-Auth headers they will get
dropped on arrival.
Note that Authorization header going out from Squid to the origin is
*Squid* login to the origin, not the clients. WWW-Auth is only passed
through forward-proxy.
>
> I remember seeing that the copyHeaders function was actually copying
> the Authorization header, but not sending it out. Since our servers
> have been rebooted unfortunately I can not provide the log file
> contents here.
>
> If I change login=PASS to login=PASSTHRU, will squid always send all
> received headers upstream.
Yes Squid will send the auth credentials from the client as its own. And
send the origins challenge (if any) back to the client.
>
> Also you mention that if the upstream server "does not request login"
> squid will not send Authentication headers. How does one make the
> upstream ask for Basic authorization?
That is software specific config, so I can't say specifically what you
will need.
Amos
More information about the squid-users
mailing list