[squid-users] Squid automatically deleted the Proxy-Authenticate header

Amos Jeffries squid3 at treenet.co.nz
Fri Aug 5 14:11:02 UTC 2016 

On 5/08/2016 2:25 p.m., Do John wrote:
> Hi All,
> 
> I'm Akhaice.
> # And now, thanks for developers and maintainers at all times.
> 
> I'm using squid-3.5.16.
> Recently I upgraded from squid-3.1 to squid-3.5.
> 

Please upgrade to 3.5.20, or at least 3.5.19 if you can. There are quite
a few major bugs and security issues fixed in the latest releases.
 Though I don't expect the problem you are mentioning here to be one of
them.

> And I've been using ICAP Server that has authentication function.
> 
> I configured that users needed authentication when they access web site.
> The authentication function were provided by ICAP Server.
> 
> When ICAP Server return response code 407 with "Proxy-Authenticate" header,
> Client browser was not able to receive this header and display
> authentication dialog.
> 
> I captured packets in two places.
> One is between squid and ICAP server. The other is between squid and Client
> browser.
> 
> The header information is as follows.
> ==================================================
> + From ICAP Server to Squid
> 
> ICAP/1.0 200 OK
> Server: TEST-ICAP
> ISTag: "TEST-ICAP"
> Date: Thu, 04 Aug 2016 03:05:34 GMT
> Cache-Control: no-cache
> Connection: close
> Encapsulated: res-hdr=0, res-body=232
> 
> HTTP/1.1 407 Proxy Authentication Required
> Proxy-Connection: close
> Content-Type: text/html; charset=utf-8
> Proxy-Authenticate: Basic realm="TESTAUTH"
> Pragma: no-cache
> Expires: Tue, 2 2001 20:00:00 GMT
> Content-Length: 2349
> 
> ==================================================
> + From Squid to Client browser
> 
> HTTP/1.1 407 Proxy Authentication Required
> Date: Thu, 04 Aug 2016 03:05:34 GMT
> Content-Type: text/html; charset=utf-8
> Pragma: no-cache
> Expires: Tue, 2 2001 20:00:00 GMT
> Content-Length: 2349
> X-Cache: MISS from proxyserver.local
> Connection: keep-alive
> ==================================================
> 
> I found that Squid-3.5 automatically deleted the Proxy-Authenticate header.
> 
> Is it the correct behavior on squid-3.5 ?
> How can I make client browser get Proxy-Authenticate header?

Is this an explicit/forward proxy or reverse proxy or interceptor?

How did you have it working in 3.1? It should not have worked any
differently then either.

Amos

More information about the squid-users mailing list