Re: [squid-users] WWW-Authenticate header field

From: bijayant kumar <bijayant4u_at_yahoo.com>
Date: Wed, 4 Feb 2009 02:23:00 -0800 (PST)

Bijayant Kumar

--- On Wed, 4/2/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:

> From: Amos Jeffries <squid3_at_treenet.co.nz>
> Subject: Re: [squid-users] WWW-Authenticate header field
> To: bijayant4u_at_yahoo.com
> Cc: "squid users" <squid-users_at_squid-cache.org>
> Date: Wednesday, 4 February, 2009, 12:12 PM
> bijayant kumar wrote:
> > I can give only the squid configuration details,
> because the webserver which is being accessed is not under
> our control. When we are accessing that webserver without
> the squid its opening fine, but from squid I am getting the
> error. Here is the configuration details
> >
> > SQUID 2.6.STABLE13 :-
> >
> > http_port 3128 transparent
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > cache deny QUERY
> > acl apache rep_header Server ^Apache
> > broken_vary_encoding allow apache
> > maximum_object_size 40960 KB
> > cache_dir ufs /var/cache/squid 2000 16 256
> > access_log /var/log/squid/access.log squid
> > url_rewrite_program /usr/bin/squidGuard -c
> /etc/squidGuard/squidGuard.conf
> > url_rewrite_children 40
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern . 0 20% 4320
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl to_localhost dst 127.0.0.0/8
> > acl SSL_ports port 443
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 # https
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl Safe_ports port 901 # SWAT
> > acl purge method PURGE
> > acl CONNECT method CONNECT
> > follow_x_forwarded_for allow localhost
> > http_access allow manager localhost
> > http_access deny manager
> > http_access allow purge localhost
> > http_access deny purge
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > -- some acls are defined according to network --
> > http_access deny all
> > http_reply_access allow all
> > icp_access allow all
> > visible_hostname xxxxx.proxy.blr
> > forwarded_for off
> > coredump_dir /var/cache/squid
> > ie_refresh on
> >
> > Rest all are default values. When web server is being
> accessed through squid, it prompts the username &
> password(webserver), and after giving the right credentials
> it gives me the error specified. But without the squid ie
> going directly to webserver all things are fine means it
> accepts the username and password. AFAIK, squid
> configuration is fine because when any webserver with
> htaccess authentication is being accessed by squid, it opens
> fine. But not this server.
> >
> > Bijayant Kumar
> >
>
> Hmm, transparent proxy and authentication trouble :(

I tried without the transparent proxy also. But I am getting the same error. Transparent proxy will create problem only if squid will be used for authentication purpose means squid is configured for any type of authentication, right? In my case Squid is not configured for any authentication, it has to just take the values from client and pass to the webserver, I think.

>
> Can you get a look at the challenge and error headers the
> web server is producing?
>
> Amos

I wont, but can provide you everything which I can get on the squid server. For further troubleshooting when connecting I am also getting

Alert!: Invalid header 'WWW-Authenticate: Negotiate'
Alert!: Invalid header 'WWW-Authenticate: NTLM'

And after that that 401 error code with message

You are not authorized to view this page
                                                                                                                                         You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)

>
> >
> > --- On Wed, 4/2/09, Amos Jeffries
> <squid3_at_treenet.co.nz> wrote:
> >
> >> From: Amos Jeffries <squid3_at_treenet.co.nz>
> >> Subject: Re: [squid-users] WWW-Authenticate header
> field
> >> To: bijayant4u_at_yahoo.com
> >> Cc: "squid users"
> <squid-users_at_squid-cache.org>
> >> Date: Wednesday, 4 February, 2009, 10:15 AM
> >> bijayant kumar wrote:
> >>> Hello list,
> >>>
> >>> We have a local webserver running in our LAN
> and it is
> >> configured to ask username and password to access.
> When I am
> >> configuring my IE to go use squid then its giving
> me a error
> >> like
> >>> You are not authorized to view this page
> >>> You do not have permission to view this
> directory or
> >> page using the credentials that you supplied
> because your
> >> Web browser is sending a WWW-Authenticate header
> field that
> >> the Web server is not configured to accept.
> >>> HTTP Error 401.2 - Unauthorized: Access is
> denied due
> >> to server configuration.
> >>> But when I am not using squid as a proxy
> ie
> >> accessing directly, its opening fine.
> >>> I am using SQUID 2.6.STABLE13.
> >>>
> >>> Is anything wrong with the squid
> >> configuration/compilation or I have to change
> anything in
> >> the webserver. Please help me.
> >> People can only help with configuration problems
> when
> >> config details are supplied.
> >>
> >>
> >>
> >> Amos
> >> -- Please be using
> >> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
> >> Current Beta Squid 3.1.0.4
> >
> >
> > New Email addresses available on Yahoo!
> > Get the Email name you&#39;ve always wanted on the
> new @ymail and @rocketmail. Hurry before someone else does!
> > http://mail.promotions.yahoo.com/newdomains/aa/
>
>
> -- Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
> Current Beta Squid 3.1.0.5 New Email addresses available on Yahoo! Get the Email name you&#39;ve always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/
Received on Wed Feb 04 2009 - 10:23:13 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 05 2009 - 12:00:01 MST