<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><br class="">I have an issue with my browser and squid where they both seem to be stuck in an infinite loop of denied requests.<div class="">I have a a helper script that authenticates the user. The script works. Here is an example of the output of authentication </div><div class="">being successful and not successful.</div><div class=""><br class=""></div><div class=""><ol class="" style="color: rgb(102, 102, 102); list-style: decimal-leading-zero; font-family: monospace; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><li class="li2" style="background-color: rgb(255, 255, 221); color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;"><span class="br0">[</span>root@<span class="nu0">1</span> ~<span class="br0">]</span># /etc/squid/authenticate.php</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">test1 test1</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">OK</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">test1 test2</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">ERR login failure</div></li></ol><div class="">So, I am sending the right info back to squid. When I authenticate successfully then squid and my browser play nice and there is no power struggle.</div></div><div class="">If the authentication fails then I get this:</div><div class=""><br class=""></div><div class=""><ol class="" style="color: rgb(102, 102, 102); list-style: decimal-leading-zero; font-family: monospace; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.143</span>     <span class="nu0">24</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.143</span>     <span class="nu0">25</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4253</span> CONNECT <a href="http://www.facebook.com" class="">www.facebook.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;"><span class="nu0">1476120287.143</span>     <span class="nu0">25</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">18</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4293</span> CONNECT <a href="http://www.facebook.com" class="">www.facebook.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>      <span class="nu0">9</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">15</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4253</span> CONNECT <a href="http://www.facebook.com" class="">www.facebook.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">15</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">15</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">15</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"><span class="nu0">1476120287.216</span>     <span class="nu0">15</span> <span class="nu0">45.63</span><span class="nu0">.40</span><span class="nu0">.55</span> TCP_DENIED/<span class="nu0">407</span> <span class="nu0">4245</span> CONNECT <a href="http://www.google.com" class="">www.google.com</a>:<span class="nu0">443</span> test HIER_NONE/- text/html</div></li></ol><div class=""><br class=""></div></div><div class="">Here is my squid config:</div><div class=""><br class=""></div><div class=""><ol class="" style="color: rgb(102, 102, 102); list-style: decimal-leading-zero; font-family: monospace; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><li class="li1" style="background-color: rgb(255, 255, 221); color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">#</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"># Recommended minimum configuration:</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">#</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"># Example rule allowing access from your local networks.</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"># Adapt to list your <span class="br0">(</span>internal<span class="br0">)</span> IP networks from where browsing</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"># should be allowed</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl localnet src <span class="nu0">10.0</span><span class="nu0">.0</span><span class="nu0">.0</span>/<span class="nu0">8</span>     # RFC1918 possible internal network</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">acl localnet src <span class="nu0">172.16</span><span class="nu0">.0</span><span class="nu0">.0</span>/<span class="nu0">12</span>  # RFC1918 possible internal network</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl localnet src <span class="nu0">192.168</span><span class="nu0">.0</span><span class="nu0">.0</span>/<span class="nu0">16</span> # RFC1918 possible internal network</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl localnet src fc00::/<span class="nu0">7</span>       # RFC <span class="nu0">4193</span> local private network range</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl localnet src fe80::/<span class="nu0">10</span>      # RFC <span class="nu0">4291</span> link-local <span class="br0">(</span>directly plugged<span class="br0">)</span> machines</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">acl SSL_ports port <span class="nu0">443</span></div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">80</span>    # http</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">21</span>    # ftp</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">443</span>  # https</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">70</span>    # gopher</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">acl Safe_ports port <span class="nu0">210</span>  # wais</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">1025</span><span class="nu0">-65535</span>  # unregistered ports</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">280</span>  # http-mgmt</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">488</span>  # gss-http</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl Safe_ports port <span class="nu0">591</span>  # filemaker</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">acl Safe_ports port <span class="nu0">777</span>  # multiling http</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl CONNECT method CONNECT</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access deny !Safe_ports</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">http_access deny CONNECT !SSL_ports</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access allow localhost manager</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access deny manager</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">http_access allow localnet</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access allow localhost</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">auth_param basic program /usr/bin/php /etc/squid/authenticate.php</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">auth_param basic children <span class="nu0">5</span></div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">auth_param basic realm Web-Proxy</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">auth_param basic credentialsttl <span class="nu0">1</span> minute</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">auth_param basic casesensitive off</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">acl db-auth proxy_auth REQUIRED</div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">http_access allow db-auth</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access allow localhost</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_access deny all</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">http_port <span class="nu0">3128</span></div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">coredump_dir /var/spool/squid</div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;"> </div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">refresh_pattern ^ftp:      <span class="nu0">1440</span>       <span class="nu0">20</span>%    <span class="nu0">10080</span></div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">refresh_pattern ^gopher:        <span class="nu0">1440</span>    <span class="nu0">0</span>%  <span class="nu0">1440</span></div></li><li class="li2" style="color: rgb(131, 131, 131); font-weight: bold;"><div class="de2" style="color: black; font-weight: normal; display: inline;">refresh_pattern -i <span class="br0">(</span>/cgi-bin/|\?<span class="br0">)</span> <span class="nu0">0</span>     <span class="nu0">0</span>%   <span class="nu0">0</span></div></li><li class="li1" style="color: rgb(131, 131, 131);"><div class="de1" style="color: black; display: inline;">refresh_pattern .              <span class="nu0">0</span>      <span class="nu0">20</span>%   <span class="nu0">4320</span></div></li></ol><div class=""><br class=""></div></div><div class=""><br class=""></div><div class="">Everything I’ve read and tried always left me with the same result which was an infinite loop rather than squid returning an unauthorized result page.</div><div class=""><br class=""></div><div class="">Any help would be greatly appreciated.</div></body></html>