On 18/09/2016 4:57 a.m., --Ahmad-- wrote: > Hi Guys , > i want to ask why always 1st time of basic-nasa auth get denied and the 2d > time get work ?? >
Would you prefer your browser to broadcast your username and password un-encrypted to anything it happens to connect to? Dangerous. On each new TCP connection your browser sends one request with *no* credentials. The proxy tells it that credentials are needed and what type. Browser then repeats its request with the credentials attached. You can reduce the number of 407 occuring by ensuring that client persistent connections is enabled. That is on by default in current Squid, make sure you are not disabling it in squid.conf. > I’m sure i set the right pwd , but the 1st time must give me wrong then it > works > > here is logs : > NE/- text/html > 1474163690.278 229 68.68.102.158 TCP_MISS/200 37701 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html ilybwy > HIER_DIRECT/23.213.106.42 text/html > 1474163695.290 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163695.520 230 68.68.102.158 TCP_MISS/200 34951 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html hzrcfj > HIER_DIRECT/23.213.106.42 text/html > 1474163700.532 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163700.764 231 68.68.102.158 TCP_MISS/200 34951 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html dbftyv > HIER_DIRECT/23.213.106.42 text/html > 1474163705.777 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163706.007 230 68.68.102.158 TCP_MISS/200 34951 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html ynsxui > HIER_DIRECT/23.213.106.42 text/html > 1474163711.022 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163711.261 238 68.68.102.158 TCP_MISS/200 37700 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html mjdvka > HIER_DIRECT/23.213.106.42 text/html > 1474163716.279 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163716.790 510 68.68.102.158 TCP_MISS/200 37700 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html xbrdkw > HIER_DIRECT/23.213.106.42 text/html > 1474163722.004 0 68.68.102.158 TCP_DENIED/407 4187 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html - HIER_NONE/- text/html > 1474163722.233 227 68.68.102.158 TCP_MISS/200 34951 GET > http://www.adidas.com/us/nmd_r1-shoes/S31507.html xgmbwc > HIER_DIRECT/23.213.106.42 text/html > > > > here is my auth settings : > > # Lockdown Procedures > auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user > acl ncsa_users proxy_auth REQUIRED > http_access allow ncsa_users > > > any other optimization settings ? With only those three config lines to go on. You can optimize by changing the allow rule to a deny. http_access deny !ncsa_users http_access allow localnet > > also can i have other settings to let the operation faster ? > You will need to let us know your current squid.conf for any answers to be meaningful. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
