[squid-users] squid AUTH basic-nasa always 1st time get denied !!!
Amos Jeffries
squid3 at treenet.co.nz
Sat Sep 17 17:52:16 UTC 2016
On 18/09/2016 4:57 a.m., --Ahmad-- wrote:
> Hi Guys ,
> i want to ask why always 1st time of basic-nasa auth get denied and the 2d time get work ??
>
Would you prefer your browser to broadcast your username and password
un-encrypted to anything it happens to connect to? Dangerous.
On each new TCP connection your browser sends one request with *no*
credentials. The proxy tells it that credentials are needed and what
type. Browser then repeats its request with the credentials attached.
You can reduce the number of 407 occuring by ensuring that client
persistent connections is enabled. That is on by default in current
Squid, make sure you are not disabling it in squid.conf.
> I’m sure i set the right pwd , but the 1st time must give me wrong then it works
>
> here is logs :
> NE/- text/html
> 1474163690.278 229 68.68.102.158 TCP_MISS/200 37701 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html ilybwy HIER_DIRECT/23.213.106.42 text/html
> 1474163695.290 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163695.520 230 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html hzrcfj HIER_DIRECT/23.213.106.42 text/html
> 1474163700.532 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163700.764 231 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html dbftyv HIER_DIRECT/23.213.106.42 text/html
> 1474163705.777 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163706.007 230 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html ynsxui HIER_DIRECT/23.213.106.42 text/html
> 1474163711.022 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163711.261 238 68.68.102.158 TCP_MISS/200 37700 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html mjdvka HIER_DIRECT/23.213.106.42 text/html
> 1474163716.279 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163716.790 510 68.68.102.158 TCP_MISS/200 37700 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html xbrdkw HIER_DIRECT/23.213.106.42 text/html
> 1474163722.004 0 68.68.102.158 TCP_DENIED/407 4187 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html
> 1474163722.233 227 68.68.102.158 TCP_MISS/200 34951 GET http://www.adidas.com/us/nmd_r1-shoes/S31507.html xgmbwc HIER_DIRECT/23.213.106.42 text/html
>
>
>
> here is my auth settings :
>
> # Lockdown Procedures
> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
>
>
> any other optimization settings ?
With only those three config lines to go on. You can optimize by
changing the allow rule to a deny.
http_access deny !ncsa_users
http_access allow localnet
>
> also can i have other settings to let the operation faster ?
>
You will need to let us know your current squid.conf for any answers to
be meaningful.
Amos
More information about the squid-users
mailing list