[squid-users] Issues with authentication
Joe O
notjoe at gmail.com
Mon Oct 10 18:01:07 UTC 2016
I have an issue with my browser and squid where they both seem to be stuck in an infinite loop of denied requests.
I have a a helper script that authenticates the user. The script works. Here is an example of the output of authentication
being successful and not successful.
[root at 1 ~]# /etc/squid/authenticate.php
test1 test1
OK
test1 test2
ERR login failure
So, I am sending the right info back to squid. When I authenticate successfully then squid and my browser play nice and there is no power struggle.
If the authentication fails then I get this:
1476120287.143 24 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.143 25 45.63.40.55 TCP_DENIED/407 4253 CONNECT www.facebook.com <http://www.facebook.com/>:443 test HIER_NONE/- text/html
1476120287.143 25 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.216 18 45.63.40.55 TCP_DENIED/407 4293 CONNECT www.facebook.com <http://www.facebook.com/>:443 test HIER_NONE/- text/html
1476120287.216 9 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.216 15 45.63.40.55 TCP_DENIED/407 4253 CONNECT www.facebook.com <http://www.facebook.com/>:443 test HIER_NONE/- text/html
1476120287.216 15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.216 15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.216 15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
1476120287.216 15 45.63.40.55 TCP_DENIED/407 4245 CONNECT www.google.com <http://www.google.com/>:443 test HIER_NONE/- text/html
Here is my squid config:
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
auth_param basic program /usr/bin/php /etc/squid/authenticate.php
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
http_access allow db-auth
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Everything I’ve read and tried always left me with the same result which was an infinite loop rather than squid returning an unauthorized result page.
Any help would be greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161010/bbc825ca/attachment-0001.html>
More information about the squid-users
mailing list