<div dir="ltr">Thanks for all the help. I just checked the /etc/squid/passwords file, turns out I mistakenly used htpasswd -c when saving the last username, password and all the previous ones got overwritten.<div><br></div><div>After fixing that, the config file I wrote earlier worked fine.</div><div><br></div><div>With regards,</div><div>Sonya Roy<br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 20, 2017 at 4:18 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
On 20/06/17 10:50, Sonya Roy wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Thanks for the links. So I tried what you suggested and for testing, I<br>
was using this simple config:-<br>
<br>
http_port 8080<br>
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords<br>
auth_param basic realm proxy<br>
external_acl_type checkclient children-max=20 %MYADDR %LOGIN<br>
/usr/local/squidauth.py<br>
acl authenticated external checkclient<br>
http_access allow authenticated<br>
cache deny all<br>
forwarded_for delete<br>
request_header_access Via deny all<br>
<br>
I made sure that the squidauth.py file was executable and when<br>
debugging, I found that the helper processes were running. But nothing<br>
was getting passed to the helper processes. In the python code, I was<br>
running a loop which reads lines from the stdin and parses them and<br>
writes output to the stdout. I checked and it wasn't getting anything<br>
from stdin. (I added a line which reads the input line from stdin and<br>
sends it to another server through a http request to make sure if it was<br>
getting anything from stdin at all)<br>
<br>
But, when I tried to use the proxy(and of course I was using a username<br>
and password that was stored in /etc/squid/passwords), I kept getting<br>
the error that authentication required, i.e. the server was sending back<br>
the header Proxy-Authenticate: Basic realm="proxy". I am not sure what I<br>
am doing wrong here.<br>
</blockquote>
<br></div></div>
Sounds to me like the auth_param helper is not accepting the credentials you are testing with. The %LOGIN parameter needs auth to be completed successfully before the ACL helper is called with the resulting username.<br>
<br>
Note that the NCSA helper uses a database file (/etc/squid/passwords) of hashes encoded by the Apache htpasswd tool. It is not a plain-text nor Unix passwd file, that difference catches some people out.<br>
<br>
<br>
To simplify what is going on I would use the following config sequence:<br>
<br>
acl login proxy_auth REQUIRED<br>
http_access deny !login<br>
<br>
acl userip_check external checkclient<br>
http_access allow userip_check<br>
<br>
http_access deny all<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
Amos<br>
______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/l<wbr>istinfo/squid-users</a><br>
</div></div></blockquote></div><br></div></div></div>