RE: [squid-users] ?uthentication problem

From: Bruno Guerreiro <bruno.guerreiro@dont-contact.us>
Date: Mon, 21 May 2001 12:07:09 +0100

Hi,
I think you should give a look at authenticate_ip_ttl in squid.conf and it's
description.

Regards,
Bruno Guerreiro

-----Original Message-----
From: Viacheslav E.Voytovich [mailto:slava@siat.ru]
Sent: domingo, 20 de Maio de 2001 12:19
To: squid-users@squid-cache.org
Subject: [squid-users] ?uthentication problem

Hi !

I am using Squid 2.3 STABLE4 and while tuning authentication I got such
problem.
I have such configuration of auth:

Auth program is ncsa_auth
authenticate_children 5
authenticate_ttl 1800
authenticate_ip_ttl 1800

acl SiatUsers src 192.168.1.0/255.255.255.0 192.168.10.0/255.255.255.0
192.168.11.0/255.255.255.0 195.239.171.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Dejur src 192.168.1.7/255.255.255.255
acl BlackList src 192.168.1.107/255.255.255.255
195.239.171.18/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl Password proxy_auth REQUIRED

acl Downloading urlpath_regex -i -nocase "/path/to/file/files.deny"
acl SexSites url_regex -i -nocase "/path/to/file/sites.deny"

acl manager proto cache_object
acl HTTPProtocol proto HTTP

acl DejurTime0 time 00:00-09:00
acl DejurTime1 time 18:30-23:59
acl DejurTime2 time SA

acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

http_access deny Downloading
http_access deny SexSites
http_access deny BlackList
http_access deny !Password
http_access deny Dejur DejurTime0
http_access deny Dejur DejurTime1
http_access deny Dejur DejurTime2
http_access allow SiatUsers HTTPProtocol
http_access deny SiatUsers !HTTPProtocol
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

There is a such problem.
I send requests from pc with IP, for example, 192.168.1.10 and
192.168.1.11 and authenticate myself with same user/pass at both pcs.
All requests send in authenticate_ttl windows.
If I send first request from 192.168.1.10 proxy pass one through. But
now all requests from 192.168.1.10 pass through without any auth
questions from proxy, and proxy require authenticate requests from
192.168.1.11 for user/pass. Besides proxy require authentication only
after any requests from 192.168.1.10.

Where is the problem?

With best regards
Viacheslav Voytovich
Received on Mon May 21 2001 - 05:07:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:13 MST