[squid-users] Forward proxy with BASIC authentication

Amos Jeffries squid3 at treenet.co.nz
Wed Dec 3 14:58:35 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/12/2014 8:28 a.m., fzab_ wrote:
> Hi, I want to use Squid locally on my computer to forward all
> traffic to a parent Squid proxy which uses BASIC authentication.
> The aim is to not store my password on every configuration file
> that needs internet access.
> 
> So here's the only lines I added to Squid default conf file :
> 
> /cache_peer x.x.x.x   parent  3128 0 no-query default
> login=login:password no-digest never_direct allow all/
> 
> It seems to work for a few minutes, but it doesn't seem to
> authenticate again when needed to. The access log shows 407 errors
> when it breaks. :
> 
> /297 127.0.0.1 TCP_MISS/407 2071 GET http://...../
> 
> Am I missing something, when I take a look at the sent requests,
> none have an authentication header?

All requests from Squid to its cache_peer should have the header:
 Proxy-Authorization: Basic bG9naW46cGFzc3dvcmQg

(bG9naW46cGFzc3dvcmQg being base64 encoded string "login:password").

If you are getting a 407 *from the peer*, that means either it does
not want Basic auth or the login:password details are incorrect. Squid
supports only Kerberos or Basic auth to peers, not Digest or NTLM.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUfyUbAAoJELJo5wb/XPRjhIgH/0EIPR2SJIPZpVGzzs6C1Bj9
EEWJ1w/oIp2fYKm7raB2kLp8xLLSIxc4a6s8od5UD4R9OyiQECqjCWO/sub9lsK4
GqX/anIxct8vDJb82jIe4qjFVi4SLA0YvBavgMV71yH4j7pSZRRdM/EKqdYMeq4F
Rrm2Xdfec/LXYP2EYFcPssT7XjjuH2qne2RgPAhtcfnEFnYMjmOHy56lGuiMkjTd
ftN0LuoTmIPR8zBzV+DXaaPHmajpLgtr8Onh89pYNULqsOqWgKXeXIm3UQtTu01e
O7Ni8fWLV8kDMKYbdCfWxPKb8OUU3INoUzgi0S9LjluoDD3E4wnnzoX/jIzJ1X0=
=fx/l
-----END PGP SIGNATURE-----


More information about the squid-users mailing list