Re: [squid-users] Authntication loop

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Jun 2009 01:09:10 +1200

csampath wrote:
> Hi ,
>
> Nice to see your quick response.
>
> I compiled with --enable-linux-netfilter configuration. You mean to say
> compile squid with out that flag to run squid in accel mode ?

No. Reverse-proxy mode "Acceleration" of an internal webserver is
available by default in current Squid. Where Squid listens on port 80
and gateways to your master web server.

Port-80 Interception is a different mode and requires such options along
with "transparent" or "intercept" settings to http_port (can be, but
best not to have it on the usual proxy port).

>
> I tried with out vhost and vport . Just giving the defaultsite=XXXXX.xom
>
> request is not going to the correct URL.
>
> Any suggestion in the config file ?

What usage are you trying to put Squid to? Its hard to give specifics
when working to a vague assumption.

Amos

>
> Chris Robertson-2 wrote:
>> csampath wrote:
>>> Hi All,
>>>
>>> I am using squid3.0 satble 15.
>>>
>>> I am facing the authentication loop . For a page to load squid is asking
>>> for
>>> 3 to 5 times (may be for each ajax request)
>>>
>>> When I give wrong password it is saying
>>>
>>> Sorry, you are not currently allowed to request http://yahoo.com from
>>> this
>>> cache until you have authenticated yourself.
>>>
>>> When I give correct password it is asking repeatedly (for every click)
>>>
>>> Here is my squid configuration.
>>>
>>>
>>> http_port 3128 accel vport vhost
>>>
>>> auth_param basic program /usr/lib64/squid/squid_radius_auth -f
>>> /etc/squid/squid_radius_conf
>>> auth_param basic children 2
>>> auth_param basic realm Squid proxy-caching web server
>>> auth_param basic credentialsttl 2 hours
>>> acl radius-auth proxy_auth REQUIRED
>>> http_access deny all !radius-auth
>>> http_access deny !radius-auth all
>>> http_access allow all
>>> http_reply_access allow all
>>> visible_hostname localhost
>>> #miss_access allow all
>>> cache deny all
>>> always_direct allow all
>>>
>>> can any one suggest me the order of http_access entries in the
>>> configuration
>>> file?
>>>
>> From the information given, I gather that you are running an
>> interception proxy. The accel argument to http_port is meant for
>> acceleration setups, not for interception setups. I further surmise
>> that you chose to go the "accel vport vhost" route because using
>> "transparent" gave configuration errors with authentication.
>>
>> There is a reason for that.
>> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe0e21e5c2903473c473d401533ac7
>>
>>> Appreciate your response.
>>>
>>> Thanks
>>> -Sampath.
>> Chris
>>
>>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.8
Received on Wed Jun 17 2009 - 13:09:16 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 17 2009 - 12:00:04 MDT