[squid-users] squid AUTH basic-nasa always 1st time get denied !!!

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 17 17:52:16 UTC 2016


On 18/09/2016 4:57 a.m., --Ahmad-- wrote:
> Hi Guys ,
> i want to ask why always 1st time of basic-nasa auth get denied and the 2d time get work ??
> 

Would you prefer your browser to broadcast your username and password
un-encrypted to anything it happens to connect to? Dangerous.

On each new TCP connection your browser sends one request with *no*
credentials. The proxy tells it that credentials are needed and what
type. Browser then repeats its request with the credentials attached.

You can reduce the number of 407 occurring by ensuring that client
persistent connections are enabled. That is on by default in current
Squid, make sure you are not disabling it in squid.conf.


> I’m sure i set the right pwd , but the 1st time must give me wrong then it works
> 
> here is logs :
> NE/- text/html
> 1474163690.278    229 68.68.102.158 TCP_MISS/200 37701 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html ilybwy HIER_DIRECT/23.213.106.42 text/html
> 1474163695.290      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163695.520    230 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html hzrcfj HIER_DIRECT/23.213.106.42 text/html
> 1474163700.532      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163700.764    231 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html dbftyv HIER_DIRECT/23.213.106.42 text/html
> 1474163705.777      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163706.007    230 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html ynsxui HIER_DIRECT/23.213.106.42 text/html
> 1474163711.022      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163711.261    238 68.68.102.158 TCP_MISS/200 37700 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html mjdvka HIER_DIRECT/23.213.106.42 text/html
> 1474163716.279      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163716.790    510 68.68.102.158 TCP_MISS/200 37700 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html xbrdkw HIER_DIRECT/23.213.106.42 text/html
> 1474163722.004      0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163722.233    227 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html xgmbwc HIER_DIRECT/23.213.106.42 text/html
> 
> 
> 
> here is my auth settings :
> 
> # Lockdown Procedures
> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
> 
> 
> any other optimization settings ?

With only those three config lines to go on, you can optimize by
changing the allow rule to a deny.

 http_access deny !ncsa_users
 http_access allow localnet

> 
> also can i have other settings to let the operation faster ?
> 

You will need to let us know your current squid.conf for any answers to
be meaningful.

Amos
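
Added example (not part of the original thread and not Squid's own code): a sketch that reads native-format access.log lines like those quoted above and separates 407 challenges that were followed by an authenticated retry, the normal exchange described in the reply, from 407s that never got one. The sample lines, the 2-second window and the pairing by client IP, method and URL are assumptions; access.log does not record which TCP connection a request arrived on.

```python
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "ts client code status method url user")

def parse(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) != 10 or "/" not in f[3]:
        return None
    code, status = f[3].split("/", 1)
    if not status.isdigit():
        return None
    return Entry(float(f[0]), f[2], code, int(status), f[5], f[6], f[7])

def classify_407s(lines, window=2.0):
    """Split 407 entries into (answered, unanswered).

    A 407 counts as answered when the same client repeats the same method
    and URL within `window` seconds, with a username logged and a status
    other than 407. The window is an assumed value, tune it for your site.
    """
    entries = [e for e in map(parse, lines) if e]
    answered, unanswered = [], []
    for i, e in enumerate(entries):
        if e.status != 407:
            continue
        retry = next((n for n in entries[i + 1:]
                      if 0 <= n.ts - e.ts <= window
                      and (n.client, n.method, n.url) == (e.client, e.method, e.url)
                      and n.user != "-" and n.status != 407), None)
        (answered if retry else unanswered).append(e)
    return answered, unanswered

def unanswered_by_client(lines, window=2.0):
    """Count 407s with no successful retry, per client IP."""
    return Counter(e.client for e in classify_407s(lines, window)[1])

# Constructed sample lines (documentation IPs and hosts, not from the thread).
SAMPLE = """\
1474163695.290      0 192.0.2.10 TCP_DENIED/407 4187 GET http://example.com/a - HIER_NONE/- text/html
1474163695.520    230 192.0.2.10 TCP_MISS/200 34951 GET http://example.com/a alice HIER_DIRECT/198.51.100.7 text/html
1474163700.100      0 192.0.2.99 TCP_DENIED/407 4187 GET http://example.com/b - HIER_NONE/- text/html
1474163700.400      0 192.0.2.99 TCP_DENIED/407 4187 GET http://example.com/b bob HIER_NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    ok, bad = classify_407s(SAMPLE)
    print(len(ok), "challenge/retry pairs;", dict(unanswered_by_client(SAMPLE)))
```

A 407 immediately followed by an authenticated request is expected behaviour; a client that accumulates unanswered 407s is the one worth looking at (wrong password, a client that cannot do proxy auth, or credential guessing).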


