Results 1 to 1 of 1
Hi all,
this is my first post so be lenient please.
Heres the Situation:
We are running an Squid Proxy Server Version 3.0 Stable 8 on a Debian Lenny Kernel ...
- 08-18-2011 #1Just Joined!
- Join Date
- Aug 2011
- Posts
- 1
Problem with Squid on websites with IP-authentication
Hi all,
this is my first post so be lenient please.
Heres the Situation:
We are running an Squid Proxy Server Version 3.0 Stable 8 on a Debian Lenny Kernel 2.6.29.
The server is member of the Active-Directy and squid authenticates the users against the the Active-Directy, with their windows logon.
And heres the problem:
There is website at which our network is authenticated by the ip-address.
Using the proxy we can reach the site, but are not authenticated and get no access to the ressources. If we are surfing the website without proxy theres no problem.
If i download the website from the machine with the proxy-server on it authentication succeeds. But if I tell wget to use the proxy authentication fails.
So problem seems not to be the machine reaching the website with another ip-address.
I also tried to deactivate the authentication, but it has no effect.
Here's the snippet of the access.log when loading the site
(had to remove all links and ip-addresses, cause this my first post):
03/Aug/2011:09:08:12 1312355292.725 ip-address TCP_MISS/200 1245 GET DIRECT/8ip-address text/html
03/Aug/2011:09:08:12 1312355292.776 36 192.168.1.71 TCP_MISS/304 252 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.839 39 192.168.1.71 TCP_MISS/304 252 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.880 79 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.881 78 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.892 39 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.919 35 192.168.1.71 TCP_MISS/304 252 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.925 69 192.168.1.71 TCP_MISS/304 254 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.938 38 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.970 34 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.974 36 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:12 1312355292.981 40 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:13 1312355293.012 42 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:13 1312355293.020 34 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:17 1312355297.149 231 192.168.1.71 TCP_MISS/200 9893 GET DIRECT/ip-address text/html
03/Aug/2011:09:08:17 1312355297.244 57 192.168.1.71 TCP_MISS/304 252 GET DIRECT/ip-address
03/Aug/2011:09:08:17 1312355297.244 42 192.168.1.71 TCP_MISS/304 253 GET DIRECT/ip-address
03/Aug/2011:09:08:17 1312355297.249 46 192.168.1.71 TCP_MISS/304 251 GET DIRECT/ip-address
And here is the cache.log on with debug_options ALL,2
(abbreviated it a bit for readability):
2011/08/18 09:58:16.212| The request GET domain/IANA domains is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:16.561| The reply for GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.755| The request GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.862| ctx: enter level 0: 'index_ipreg'
2011/08/18 09:58:17.862| hdr cc: unknown cache-directive: near 'post-check=0, pre-check=0' in 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
2011/08/18 09:58:17.862| hdr cc: unknown cache-directive: near 'pre-check=0' in 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
2011/08/18 09:58:17.862| ctx: exit level 0
2011/08/18 09:58:17.862| hdr cc: unknown cache-directive: near 'post-check=0, pre-check=0' in 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
2011/08/18 09:58:17.862| hdr cc: unknown cache-directive: near 'pre-check=0' in 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
2011/08/18 09:58:17.862| The reply for GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.890| The request GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.905| The request GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.905| The request GET ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.926| The reply for GET is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.939| The reply for GET domains is ALLOWED, because it matched 'AuthorizedUsers'
2011/08/18 09:58:17.945| The reply for GET is ALLOWED, because it matched 'AuthorizedUsers'
The Problem seems to have something to with 2011/08/18 09:58:17.862| ctx: enter level 0: 'index_ipreg'
supposed to be the registration site...
If you would like too I could also post the squid.conf.
So now I hope its nearly clear what I want and someone is able help me. I'm grateful for every hint...
Best regards,
Jonathan
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
