Thanks for all the help. I just checked the /etc/squid/passwords file, turns out I mistakenly used htpasswd -c when saving the last username, password and all the previous ones got overwritten.
After fixing that, the config file I wrote earlier worked fine. With regards, Sonya Roy On Tue, Jun 20, 2017 at 4:18 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 20/06/17 10:50, Sonya Roy wrote: > >> Hi, >> >> Thanks for the links. So I tried what you suggested and for testing, I >> was using this simple config:- >> >> http_port 8080 >> auth_param basic program /usr/lib/squid/basic_ncsa_auth >> /etc/squid/passwords >> auth_param basic realm proxy >> external_acl_type checkclient children-max=20 %MYADDR %LOGIN >> /usr/local/squidauth.py >> acl authenticated external checkclient >> http_access allow authenticated >> cache deny all >> forwarded_for delete >> request_header_access Via deny all >> >> I made sure that the squidauth.py file was executable and when >> debugging, I found that the helper processes were running. But nothing >> was getting passed to the helper processes. In the python code, I was >> running a loop which reads lines from the stdin and parses them and >> writes output to the stdout. I checked and it wasn't getting anything >> from stdin. (I added a line which reads the input line from stdin and >> sends it to another server through a http request to make sure if it was >> getting anything from stdin at all) >> >> But, when I tried to use the proxy(and of course I was using a username >> and password that was stored in /etc/squid/passwords), I kept getting >> the error that authentication required, i.e. the server was sending back >> the header Proxy-Authenticate: Basic realm="proxy". I am not sure what I >> am doing wrong here. >> > > Sounds to me like the auth_param helper is not accepting the credentials > you are testing with. The %LOGIN parameter needs auth to be completed > successfully before the ACL helper is called with the resulting username. > > Note that the NCSA helper uses a database file (/etc/squid/passwords) of > hashes encoded by the Apache htpasswd tool. It is not a plain-text nor Unix > passwd file, that difference catches some people out. > > > To simplify what is going on I would use the following config sequence: > > acl login proxy_auth REQUIRED > http_access deny !login > > acl userip_check external checkclient > http_access allow userip_check > > http_access deny all > > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
