[squid-users] Auth conf help
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 15 09:33:28 UTC 2015
On 15/04/2015 9:46 a.m., Balázs Szabados wrote:
> Possile Problem #1:
> digest_pw_auth has not existed in some years. The helpers correct
> current name is digest_file_auth. Please upgrade.
>
> In the openwrt repository, I can only find Squid 2.7, and I can't upgrade
> to newer.
> Can I make this work somehow, with the current setup?
>
> Possible Problem #2:
> when wrong credentials are presented the "http_access allow password"
> will NOT require new ones. It will just skip to the next line - which is
> an implicit "deny all"
>
> Use this instead:
> http_access deny !password
> http_access allow localnet
>
> Tried it, but the issue persists. Actually, I just noticed that the
> http_access allow localnet already was present in the config, I forgot to
> include in my previous mail.
>
> Possible Problem #3:
> the client you are testing with may not support Digest authentication.
> In the current Squid releases use "debug_options 11,2" in squid.conf to
> get a cache.log trace of the HTTP headers the client is sending.
>
> I've tried with IExplorer, Chrome and curl, I see this in the access log:
>
> 2 192.168.1.177 TCP_DENIED/407 1722 GET http://www.bing.com/news? user1
> NONE/- text/html
Ah so it found credentials for "user1". But they were not successfully
validated.
Does the helper work if you test it from the command line?
The input format is (including the ':' and '"'s as-is):
"user":"realm"
Your version should supply the HA1 value on accept, ERR on reject.
Amos
More information about the squid-users
mailing list