[squid-users] Squid Segment Violation with authorization
Amos Jeffries
squid3 at treenet.co.nz
Fri Feb 16 04:39:38 UTC 2024
On 16/02/24 15:30, Eternal Dreamer wrote:
> Hi!
> When I'm trying to send curl request with provided basic
> proxy-authorization credentials through my proxy I see Segment Violation
> error in my logs and empty reply from server. Command is:
> curl -v --proxy-basic --proxy-user login:password --proxy
> http://192.168.3.19:8080 <http://192.168.3.19:8080> https://google.com
> <http://google.com>
>
> In squid.conf I have 3 directives:
>
> http_access allow some_acl
> http_access allow some_acl some_acl_user_auth some_special_domain
> http_all_port http_all_proto
> http_access allow some_acl some_acl_user_auth some_special_domain
> CONNECT https_port
>
> If I comment first one authorization works fine and it looks good.
Authorize or Authenticate?
Different things and you are mixing them up in these rules.
> But
> with all lines I even can't authorize to special domains without Segment
> Violation error.
The issue is likely somewhere else in what you have configured Squid to
do. The initial "allow some_acl" line *authorizes* access, without
*authenticating*. Resulting in there being no credentials for anything
that Squid needs to do later.
If it helps this arrangement is clearer and does almost the same thing:
http_access allow some_acl
http_access deny !some_special_domain
http_access deny !some_acl_user_auth
http_access allow CONNECT https_port
http_access allow http_all_port http_all_proto
> I've tried to use different versions of squid from 3.5 to 7.0.
> Squid before v5.0.1 ignores Proxy-Authorization header when it's not
> needed and works fine with this configuration.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list