[squid-users] Upstream Proxy
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 15 17:27:13 UTC 2022
On 16/07/22 04:05, Johnathan Hasty wrote:
>> What HTTP authentication method(s) or scheme(s) does your upstream proxy support or require?
>
> They're very vague and not helpful. It was said they look for email, but in reality it would be user@blah.company.com rather than user@company.com.
>
>
> This is the only information I have for them.
>
> https://support.goguardian.com/s/article/Deploying-GoGuardian-Gateway-1629767892527
>
> https://view.highspot.com/viewer/5f7241dd628ba24915723e85
>

This document is providing some answers, but they are indeed a bit obscure.

The authentication is using an LDAP service, which means Squid should have
its own account in LDAP registered as a machine account type (not a
regular user, so it can avoid constant password update requirements).
Those are the credentials you configure in the cache_peer line to be
passed to GG.

Make sure that you configure the full username string, whether it be
login=user@blah.example.com:password or login=user@example.com:password
or login=user:password

Also, cache_peer should not need the sslcapath= option. Just 'tls' and
ensure the Squid machine Trusted CA certs package is kept up to date. If
GG has a special Server certificate based on some custom CA, then use
the tls-cafile= option to load that custom public root cert.

If you are still having issues, the contents of the PAC file generated
for a test user account could have some more hints about what GG is
expecting.

HTH
Amos
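
A squid.conf fragment for the setup described in the reply above. This is an added example, not part of the original message or of GoGuardian's documentation. The peer hostname, port, account name, password and CA file path are placeholders, and the never_direct rule is an assumption about the intended routing.

```conf
# Added example. gg-proxy.example.net, port 8080, squid-svc and the CA file
# path are placeholders, not values from the thread.

# Upstream parent reached over TLS. With 'tls' and no CA option, Squid
# validates the peer certificate against the system Trusted CA store,
# so no sslcapath= is needed. login= carries the full username string of
# the machine account registered in LDAP.
cache_peer gg-proxy.example.net parent 8080 0 no-query default tls login=squid-svc@blah.example.com:PASSWORD

# Variant for an upstream whose Server certificate chains to a custom CA:
# load that public root cert explicitly with tls-cafile=.
# cache_peer gg-proxy.example.net parent 8080 0 no-query default tls tls-cafile=/etc/squid/gg-root-ca.pem login=squid-svc@blah.example.com:PASSWORD

# Assumption: all client traffic must go through the parent, never direct.
never_direct allow all

# squid.conf now contains a credential: keep the file readable only by
# root and the account Squid runs as.
```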