[squid-users] Fwd: digest authentication and https

From: Albert Petit <albertpetit_at_gmail.com>
Date: Fri, 25 Apr 2014 12:01:00 +0200

Hi,

I was able to configure succesfully squid for redirecting HTTP
requests to a cache peer which is using HTTP

Now i would like to do exactly the same but for https request. So
squid redirects https request to another https endpoint and also keeps
handling the digest authentication

If i allow access to SSL port directly the redirection does work
fine so it does not seem a problem in the definition of the new https
cache peer and is not related to certificates neither

However when i add digest authentication and access the HTTPS endpoint
the browser does not prompt me for credentials and the response code
has become 407 instead of 401. The digest challenge looks fine in the
407 answer.

What could be the problem which causes my browser to not prompt? On
the access.log I think my problem is just the response code for https
is being 407 instead of 401. How could I force 401 for HTTPs?

Thanks

(I attach also relevant part of squid.conf in case it is useful)
# User access policies
auth_param digest program /usr/lib64/squid/squid_db_auth_digest --user
openserro --password openserro --realm qa.genaker.net --persist
auth_param digest children 5
auth_param digest realm qa.genaker.net
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50

acl db-auth proxy_auth REQUIRED

#Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
#Accept connect on SSL Ports
http_access allow CONNECT SSL_Ports
#Always allow SSL Ports
#http_access allow SSL_Ports

#If not, request digest
http_access allow db-auth
#Always allow local host
http_access allow localhost
#Deny rest of connections
http_access deny all
Received on Fri Apr 25 2014 - 10:01:31 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 25 2014 - 12:00:07 MDT