squid no longer works with local authenticated web site

15 pts.
Tags:
Networking
Sorry to cast such a large net. I didn't find where proxy servers were listed. We have two proxy servers on our campus. Both are using squid. The main difference is the library bypasses our web security box for all sites and the main one bypasses it only for our local sites. This was done because mcafee was blocking sites we needed access to including on our own web server. When we set things up we verified connectivity to the needed sites. This morning we found we couldn't connect to the local authenticated site using either proxy. It appears the request for name and password isn't being forwarded to the client. We haven't done anything to the proxies and I have been assured the web server wasn't changed. One of the symptoms is a pop-up saying "the connection was refused when attempting to contact the proxy server you have configured". We are unable to connect with either firefox or internet explorer. The resulting web display says "you are not authorized to view this page". Since I really don't have an external authenticated web site other than gmail, I didn't do extensive testing on the outside access. Gmail worked fine using either proxy but so does our web exchange site. I would appreciate any assistance with this. Thanks. rt

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi Astronomer,

as I understood the situation, your squids DON’T REQUIRE authentication of the users to accept connections for proxiing, but your internal website is which requires users to be authenticated to use some service.

If this is true, I think there might be a change in the url pointing to the website (https://… instead of http://…). Then there are two possibilities:

(1) squid is not configured to listen for/handle ssl connections;

(2) proxie configuration in your browsers directs ssl requests not to the port whwre squids expect your requests.

Of course, if my assumption is wrong, the problem could be quite different.

BR

Petko

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Astronomer
    We aren't doing any authenticating with squid. What I have found so far is the problem web site uses integrated windows authentication. According to the squid manual, this form of authentication is incompatible with proxy servers. I checked another site with basic authentication, (cleartext passwords), and it works fine with our proxy. We are setting up another IIS server in our test lab to see if there are issues with digest authentication. I also intend to see what happens if we set the server to use HTTPS. I asked why we are requiring encrypted authentication to a web site but send the data in the clear. I didn't get an answer. This is all new to me but I will let you know what we stumble across. Thanks for the response. rt
    15 pointsBadges:
    report
  • Astronomer
    We aren't doing any authenticating with squid. What I have found so far is the problem web site uses integrated windows authentication. According to the squid manual, this form of authentication is incompatible with proxy servers. I checked another site with basic authentication, (cleartext passwords), and it works fine with our proxy. We are setting up another IIS server in our test lab to see if there are issues with digest authentication. I also intend to see what happens if we set the server to use HTTPS. I asked why we are requiring encrypted authentication to a web site but send the data in the clear. I didn't get an answer. This is all new to me but I will let you know what we stumble across. Thanks for the response. rt
    15 pointsBadges:
    report
  • petkoa
    Hi again, So, probably your problem might be connected with some autoupdate on "black tuesday"... I'm unfamiliar with IIS and that "internal windows authentication", but I agree with your webserver guys that plaintext password authentication is not an authentication at all. Though, an excerpt from Squid 2.5 release notes: ================================ 1. Key changes from squid 2.4: * Major rewrite of proxy authentication to support other schemes than basic. First in the line is NTLM support but others can easily be added (minimal digest is present). See the Programmers Guide for the internals..... ================================ What is your squids version? Probabbly updating them would help? BR Petko
    3,120 pointsBadges:
    report
  • Astronomer
    We are using 2.5 on a windows platform. rt
    15 pointsBadges:
    report
  • petkoa
    Hi, It's bad that NTLM thing is not working as expected in squid 2.5; Any success with ssl-based authentication?
    3,120 pointsBadges:
    report
  • Astronomer
    We haven't done an SSL test yet. That should be next,(if we don't have another big fire), after we finish the backup server we are deploying on another campus. rt
    15 pointsBadges:
    report
  • Astronomer
    We haven't done an SSL test yet. That should be next,(if we don't have another big fire), after we finish the backup server we are deploying on another campus. rt
    15 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following