[squid-users] Squid authentication problem (Amos Jeffries)

Sonya Roy sonyaroy75 at gmail.com
Mon Jun 19 22:50:49 UTC 2017


Hi,

Thanks for the links. So I tried what you suggested and for testing, I was
using this simple config:-

http_port 8080
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
external_acl_type checkclient children-max=20 %MYADDR %LOGIN /usr/local/squidauth.py
acl authenticated external checkclient
http_access allow authenticated
cache deny all
forwarded_for delete
request_header_access Via deny all

I made sure that the squidauth.py file was executable and when debugging, I
found that the helper processes were running. But nothing was getting
passed to the helper processes. In the python code, I was running a loop
which reads lines from the stdin and parses them and writes output to the
stdout. I checked and it wasn't getting anything from stdin. (I added a
line which reads the input line from stdin and sends it to another server
through an HTTP request to check whether it was getting anything from stdin
at all.)

But when I tried to use the proxy (and of course I was using a username and
password that was stored in /etc/squid/passwords), I kept getting the error
that authentication is required, i.e. the server was sending back the header
Proxy-Authenticate: Basic realm="proxy". I am not sure what I am doing
wrong here.

With regards,
Sonya Roy

On Tue, Jun 20, 2017 at 2:49 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 20/06/17 09:15, Amos Jeffries wrote:
>
>> On 20/06/17 03:20, Sonya Roy wrote:
>>
>>> Since you are saying the IP that can be passed to the helpers is
>>> configurable, how would I pass the local IP of the server that the
>>> client connected to?
>>>
>>> I checked out the helpers you mentioned, there they check which IP the
>>> connection is coming from. Not the local IP of the server that the
>>> client is connected to and they are using %SRC for that.
>>>
>>
>> The external ACL helpers don't know one IP from any other. They simply
>> check what is given to them against some form of username+ip mapping.
>>
>>
> [ with the correct links ]
>
>>
>> In Squid-3.5 that would be %MYADDR
>> <http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html>.
>>
>> In Squid-4+ it would be %>la
>> <http://www.squid-cache.org/Versions/v3/3.5/cfgman/logformat.html>
>>
>>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
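
An added example, not part of the original message or of the Squid project: a minimal external ACL helper for the "%MYADDR %LOGIN" format used in the posted config, doing the username+ip check described in the quoted reply. It assumes no concurrency= option is set (so request lines carry no channel ID) and that Squid URL-escapes the values; the ALLOWED mapping and the names decide and serve are hypothetical.

```python
#!/usr/bin/env python3
"""Example Squid external ACL helper for the format "%MYADDR %LOGIN"."""
import sys
from urllib.parse import unquote

# Constructed sample policy: which users may use which local (listening) IP.
ALLOWED = {
    "192.0.2.10": {"alice"},
    "192.0.2.11": {"alice", "bob"},
}


def decide(line, allowed=ALLOWED):
    """Return the helper reply ("OK" or "ERR") for one request line."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"  # malformed input: fail closed
    raw_ip, raw_user = fields
    if raw_user == "-":  # Squid sends "-" when a value is unavailable
        return "ERR"
    local_ip, user = unquote(raw_ip), unquote(raw_user)
    return "OK" if user in allowed.get(local_ip, ()) else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer one line per request until Squid closes the pipe."""
    for line in iter(stdin.readline, ""):
        stdout.write(decide(line) + "\n")
        stdout.flush()  # an unflushed reply leaves Squid waiting on the helper


if __name__ == "__main__":
    serve()
```

Running the script by hand and typing a line such as "192.0.2.10 alice" shows the reply Squid would receive.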