[squid-users] 回复: Can not pass Squid basic authentication
birbird
birbird at qq.com
Mon Oct 5 03:41:57 UTC 2015
Hi Amos, thanks a lot for your reply.
I have tried both -m and -d for htpasswd, they do generate different encrypted text, but none of them can be recognized by /usr/lib64/squid/ncsa_auth.
I am still stuck at here.
By the way, I just paste the diff part of my config between the default config. So my config contains these 2 lines:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
------------------ 原始邮件 ------------------
发件人: "Amos Jeffries";<squid3 at treenet.co.nz>;
发送时间: 2015年10月1日(星期四) 晚上9:13
收件人: "squid-users"<squid-users at lists.squid-cache.org>;
主题: Re: [squid-users] Can not pass Squid basic authentication
On 1/10/2015 10:41 p.m., birbird wrote:
> Hi All,
>
>
> I have setup basic authentication for Squid, but I can not get passed from browser, just asked to inpu user/password time and time again.
>
>
> I was stuck at, the command
> /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> dose not give any output. I think it means squid can not get the authentication info. But I have no idea what to do next.
>
>
> I create my password by
> htpasswd -d /etc/squid/squid_passwd dan
Try using -m instead of -d.
>
>
> My squid config is
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> acl ncsa_users proxy_auth REQUIRED
>
> http_access allow ncsa_users
>
Is that the entire acces control configuration?
If so, it is missing the basic security protections against tunnel abuse
and protocol smuggling. aka;
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
These should be above the auth checks to reduce DoS vulnerabilities.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151005/691a69e7/attachment.html>
More information about the squid-users
mailing list