Re: [squid-users] Issues with Squid and authenticated sites
Thanks so far Henrik. Since I´m a very stubborn person, I´m still trying. Doing some further research, I found a post in squid list from 3 years ago (in fact, you answered to it that time) where a user said he changed squid so it would return to the browser a HTTP_UNAUTHORIZED (401) message and then a WWW-Authenticate response-header. Did some work with Wireshark, and also found some old Squid docs, that showed me that Squid already does the HTTP_UNAUTHORIZED part. Back then the person said it worked for Mozilla and Firefox, but not for IE. Even you said backthen that it wouldn´t always work. Even so, I´d like to give it a try. Anyone knows if this change in Squid so it replies with WWW-Authenticate is something done in the config file or the source code? Even if it doesn´t work, I think is a very useful thing to learn. For the record: the thread I´m based on is: http://www.squid-cache.org/mail-archive/squid-users/200505/0404.html (original thread) http://www.squid-cache.org/mail-archive/squid-users/200505/0411.html (answer) Thanks again 2008/6/12 Henrik Nordstrom [EMAIL PROTECTED]: On tor, 2008-06-12 at 17:22 -0300, Henrique Machado wrote: I checked on that. You´re right, sorry about that. But the FTP still opens as read-only. Any ideas? File a bug report with your browser vendor, it's a known shortcoming of current browsers. Netscape 3 did support uploads via HTTP proxies. MSIE has never supported it. Firefox has forgotten how to do it.. Regards Henrik
Re: [squid-users] Issues with Squid and authenticated sites
On mån, 2008-06-16 at 14:04 -0300, Henrique Machado wrote: Since I´m a very stubborn person, I´m still trying. Good. Doing some further research, I found a post in squid list from 3 years ago (in fact, you answered to it that time) where a user said he changed squid so it would return to the browser a HTTP_UNAUTHORIZED (401) message and then a WWW-Authenticate response-header. Yes.. it's what Squid does. squidclient ftp://[EMAIL PROTECTED] HTTP/1.1 401 Unauthorized Server: squid/2.HEAD-CVS Date: Mon, 16 Jun 2008 19:38:46 GMT Content-Type: text/html Content-Length: 1293 Expires: Mon, 16 Jun 2008 19:38:46 GMT X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 WWW-Authenticate: Basic realm=ftp someone X-Cache: MISS from henrik X-Cache-Lookup: MISS from henrik:3128 Via: 1.0 henrik:3128 (squid/2.HEAD-CVS) Connection: close Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Issues with Squid and authenticated sites
On ons, 2008-06-11 at 22:34 -0300, Henrique Machado wrote: The problem is: everytime when trying to access a website that asks for a user and a password (some FTP sites and even some websites), I don´t receive the INPUT USERNAME AND PASSWORD box. When I had no authentication method running in Squid, I´d get an error message when trying to authenticate. Squid sent the command FTPpassword and received the reply ´User anonymous cannot log in´ (this one is for FTP sites). And because you told Squid to access anonymous FTP. Authenticated FTP uses URLs on the form ftp://user:[EMAIL PROTECTED]/ with some browsers you can leave out the :password part and Squid will prompt for the password. Most browsers fail this however... All around the world I have searched for an answer, and I always received the same one: Place the username and password in the URL. K, fine, that works, partially, because the FTP always opens as read-only (and also the idea of having users´s passwords in our log files is against our security policy). Squid does not log the password component of the requested URL. The same goes for the websites that require authentication (this situation happens mostly when it´s an authentication method from Apache or IIS): no authentication box. That's a different problem. Should work out of the box except for sites using NTLM authentication. For those you need to use Squid-2.6 or 2.7 as Squid-3 do not yet have the needed workarounds to play well with Microsofts bending of the HTTP message model... Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Issues with Squid and authenticated sites
And because you told Squid to access anonymous FTP. Authenticated FTP uses URLs on the form ftp://user:[EMAIL PROTECTED]/ with some browsers you can leave out the :password part and Squid will prompt for the password. Most browsers fail this however... Indeed. Some people also told me that, but the only different thing is the message saying that User name_of_the_user cannot log in. What can I do? Squid does not log the password component of the requested URL. I checked on that. You´re right, sorry about that. But the FTP still opens as read-only. Any ideas? I checked the squid manuals for any options related to ftp management, but none of them helped me out :( 2008/6/12 Henrik Nordstrom [EMAIL PROTECTED]: On ons, 2008-06-11 at 22:34 -0300, Henrique Machado wrote: The problem is: everytime when trying to access a website that asks for a user and a password (some FTP sites and even some websites), I don´t receive the INPUT USERNAME AND PASSWORD box. When I had no authentication method running in Squid, I´d get an error message when trying to authenticate. Squid sent the command FTPpassword and received the reply ´User anonymous cannot log in´ (this one is for FTP sites). And because you told Squid to access anonymous FTP. Authenticated FTP uses URLs on the form ftp://user:[EMAIL PROTECTED]/ with some browsers you can leave out the :password part and Squid will prompt for the password. Most browsers fail this however... All around the world I have searched for an answer, and I always received the same one: Place the username and password in the URL. K, fine, that works, partially, because the FTP always opens as read-only (and also the idea of having users´s passwords in our log files is against our security policy). Squid does not log the password component of the requested URL. The same goes for the websites that require authentication (this situation happens mostly when it´s an authentication method from Apache or IIS): no authentication box. That's a different problem. Should work out of the box except for sites using NTLM authentication. For those you need to use Squid-2.6 or 2.7 as Squid-3 do not yet have the needed workarounds to play well with Microsofts bending of the HTTP message model... Regards Henrik
Re: [squid-users] Issues with Squid and authenticated sites
On tor, 2008-06-12 at 17:22 -0300, Henrique Machado wrote: I checked on that. You´re right, sorry about that. But the FTP still opens as read-only. Any ideas? File a bug report with your browser vendor, it's a known shortcoming of current browsers. Netscape 3 did support uploads via HTTP proxies. MSIE has never supported it. Firefox has forgotten how to do it.. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] Issues with Squid and authenticated sites
Good evening, First time in the list, and I´m having a terrible issue with my squid. Had 2.5STABLE12 running with no auth and recently upgraded to 3.0STABLE6 with auth against Windows DC. The problem is: everytime when trying to access a website that asks for a user and a password (some FTP sites and even some websites), I don´t receive the INPUT USERNAME AND PASSWORD box. When I had no authentication method running in Squid, I´d get an error message when trying to authenticate. Squid sent the command FTPpassword and received the reply ´User anonymous cannot log in´ (this one is for FTP sites). All around the world I have searched for an answer, and I always received the same one: Place the username and password in the URL. K, fine, that works, partially, because the FTP always opens as read-only (and also the idea of having users´s passwords in our log files is against our security policy). The same goes for the websites that require authentication (this situation happens mostly when it´s an authentication method from Apache or IIS): no authentication box. After the upgrade, when accessing sites/FTP that require authentication, I keep getting an authentication box, but from my proxy, not from the website/FTP. Unfortunetly Google couldn´t help me out with this situation, and since I had luck when consulting the netfilter list for some issues with iptables, I hope I´d get the same result coming to squid list. I thank everyone in advance for the attention. Henrique