Re: [squid-users] Squid 3.0 vs. 2.6 Releases

From: Matt <lm7812_at_gmail.com>
Date: Thu, 22 May 2008 11:15:29 -0500

>>>> I have problems with users connecting to websites on IIS servers not
>>>> able to authenticate with user name and password. Some other user
>>>> complains they cannot upload .NET. Will the chunked-encoding issue
>>>> cause this?

>>> On the authentication issue I tried changing log level to 9 for a
>>> short time but it did not tell me much. Saw the POST when the
>>> username and password was submitted but not much else. Its a IIS/6
>>> server with ASP.NET version 2. Looks to be using javascript to log
>>> in.
>>>
>>> Any ideas what I can change on Squid to make it work? Its does this
>>> both in transparent and non-transparent modes. I was hoping maybe
>>> Squid v3 had some improvements that would make it work.
>>>
>>
>> Interception 'transparent' mode ports do not even attempt to perform
>> authentication.
>
> To clarify, interception/transparent proxy ports don't allow proxy
> authentication. It should work just fine for authenticating to a web
> server, be it via HTTP auth or a login form.
>
>> Though with most javascript methods HTTP authentication is
>> not involved anyway.
>>
>
> Given it's a form that's being POSTed, this doesn't sound like HTTP auth in
> any case.
>
>> Making sure the interception and direct-proxy listening ports are
>> different should fix it for most users. If the code itself is failing on a
>> side-band authentication there is nothing you can do to fix it in squid.
>> Only the sites webmaster can fix those.
>>
>
> Unless Squid is configured to block some important header, or forced to
> cache pages that are marked private, or...
>
> A look at your squid.conf (without comments) might give the list members a
> better opportunity to help.

My squid.conf is below. I am only trying to proxy and cache http and
my cache is only really secured by the source IP address. Any ideas
would be appreciated.

Squid2.6stable20 was built like so.

./configure --enable-linux-netfilter --enable-storeio=ufs,aufs

Matt

http_port 8086 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
maximum_object_size 65536 KB
cache_dir aufs /usr/local/squid/var/cache 96000 16 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:144020%10080
refresh_pattern ^gopher:14400%1440
refresh_pattern .020%4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src x.x.x.0/24 x.x.x.0/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
tcp_outgoing_address x.x.10.2 all
cache_mgr support_at_xxxx
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.xxxx
Received on Thu May 22 2008 - 16:15:38 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:13 MDT