AW: [squid-users] WWW-Authenticate header field
I wont, but can provide you everything which I can get on the squid server. For further troubleshooting when connecting I am also getting Alert!: Invalid header 'WWW-Authenticate: Negotiate' Alert!: Invalid header 'WWW-Authenticate: NTLM' And after that that 401 error code with message You are not authorized to view this page as this error message indicates your are using IIS with integrated NTLM user authentication. with using IE (and without squid) you shouldn't see any password prompt at all. you have to configure squid to support NTLM auth via proxy. markus
Re: AW: [squid-users] WWW-Authenticate header field
Bijayant Kumar --- On Thu, 5/2/09, markus.rietz...@rzf.fin-nrw.de markus.rietz...@rzf.fin-nrw.de wrote: From: markus.rietz...@rzf.fin-nrw.de markus.rietz...@rzf.fin-nrw.de Subject: AW: [squid-users] WWW-Authenticate header field To: bijayan...@yahoo.com Cc: squid-users@squid-cache.org Date: Thursday, 5 February, 2009, 3:23 PM I wont, but can provide you everything which I can get on the squid server. For further troubleshooting when connecting I am also getting Alert!: Invalid header 'WWW-Authenticate: Negotiate' Alert!: Invalid header 'WWW-Authenticate: NTLM' And after that that 401 error code with message You are not authorized to view this page as this error message indicates your are using IIS with integrated NTLM user authentication. with using IE (and without squid) you shouldn't see any password prompt at all. This is not the case. When I am accessing without the squid, I am getting the username and password prompt. and after giving the right credentials I am able to see the pages also. But in the case of squid, I am not. you have to configure squid to support NTLM auth via proxy. It means I have to configure same user and password as in webserver for the squid also. Then I have to authenticate two times, first with squid and second with the webserver. Am I right ? markus New Email addresses available on Yahoo! Get the Email name you#39;ve always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/
Re: [squid-users] WWW-Authenticate header field
Bijayant Kumar --- On Wed, 4/2/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] WWW-Authenticate header field To: bijayan...@yahoo.com Cc: squid users squid-users@squid-cache.org Date: Wednesday, 4 February, 2009, 12:12 PM bijayant kumar wrote: I can give only the squid configuration details, because the webserver which is being accessed is not under our control. When we are accessing that webserver without the squid its opening fine, but from squid I am getting the error. Here is the configuration details SQUID 2.6.STABLE13 :- http_port 3128 transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache maximum_object_size 40960 KB cache_dir ufs /var/cache/squid 2000 16 256 access_log /var/log/squid/access.log squid url_rewrite_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf url_rewrite_children 40 refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT follow_x_forwarded_for allow localhost http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports -- some acls are defined according to network -- http_access deny all http_reply_access allow all icp_access allow all visible_hostname x.proxy.blr forwarded_for off coredump_dir /var/cache/squid ie_refresh on Rest all are default values. When web server is being accessed through squid, it prompts the username password(webserver), and after giving the right credentials it gives me the error specified. But without the squid ie going directly to webserver all things are fine means it accepts the username and password. AFAIK, squid configuration is fine because when any webserver with htaccess authentication is being accessed by squid, it opens fine. But not this server. Bijayant Kumar Hmm, transparent proxy and authentication trouble :( I tried without the transparent proxy also. But I am getting the same error. Transparent proxy will create problem only if squid will be used for authentication purpose means squid is configured for any type of authentication, right? In my case Squid is not configured for any authentication, it has to just take the values from client and pass to the webserver, I think. Can you get a look at the challenge and error headers the web server is producing? Amos I wont, but can provide you everything which I can get on the squid server. For further troubleshooting when connecting I am also getting Alert!: Invalid header 'WWW-Authenticate: Negotiate' Alert!: Invalid header 'WWW-Authenticate: NTLM' And after that that 401 error code with message You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. Internet Information Services (IIS) --- On Wed, 4/2/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] WWW-Authenticate header field To: bijayan...@yahoo.com Cc: squid users squid-users@squid-cache.org Date: Wednesday, 4 February, 2009, 10:15 AM bijayant kumar wrote: Hello list, We have a local webserver running in our LAN and it is configured to ask username and password to access. When I am configuring my IE to go use squid then its giving me a error like You are not authorized to view this page You do not have permission to view
Re: [squid-users] WWW-Authenticate header field
bijayant kumar wrote: Hello list, We have a local webserver running in our LAN and it is configured to ask username and password to access. When I am configuring my IE to go use squid then its giving me a error like You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. But when I am not using squid as a proxy ie accessing directly, its opening fine. I am using SQUID 2.6.STABLE13. Is anything wrong with the squid configuration/compilation or I have to change anything in the webserver. Please help me. People can only help with configuration problems when config details are supplied. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12 Current Beta Squid 3.1.0.4
Re: [squid-users] WWW-Authenticate header field
I can give only the squid configuration details, because the webserver which is being accessed is not under our control. When we are accessing that webserver without the squid its opening fine, but from squid I am getting the error. Here is the configuration details SQUID 2.6.STABLE13 :- http_port 3128 transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache maximum_object_size 40960 KB cache_dir ufs /var/cache/squid 2000 16 256 access_log /var/log/squid/access.log squid url_rewrite_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf url_rewrite_children 40 refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT follow_x_forwarded_for allow localhost http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports -- some acls are defined according to network -- http_access deny all http_reply_access allow all icp_access allow all visible_hostname x.proxy.blr forwarded_for off coredump_dir /var/cache/squid ie_refresh on Rest all are default values. When web server is being accessed through squid, it prompts the username password(webserver), and after giving the right credentials it gives me the error specified. But without the squid ie going directly to webserver all things are fine means it accepts the username and password. AFAIK, squid configuration is fine because when any webserver with htaccess authentication is being accessed by squid, it opens fine. But not this server. Bijayant Kumar --- On Wed, 4/2/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] WWW-Authenticate header field To: bijayan...@yahoo.com Cc: squid users squid-users@squid-cache.org Date: Wednesday, 4 February, 2009, 10:15 AM bijayant kumar wrote: Hello list, We have a local webserver running in our LAN and it is configured to ask username and password to access. When I am configuring my IE to go use squid then its giving me a error like You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. But when I am not using squid as a proxy ie accessing directly, its opening fine. I am using SQUID 2.6.STABLE13. Is anything wrong with the squid configuration/compilation or I have to change anything in the webserver. Please help me. People can only help with configuration problems when config details are supplied. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12 Current Beta Squid 3.1.0.4 New Email addresses available on Yahoo! Get the Email name you#39;ve always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/
Re: [squid-users] WWW-Authenticate header field
bijayant kumar wrote: I can give only the squid configuration details, because the webserver which is being accessed is not under our control. When we are accessing that webserver without the squid its opening fine, but from squid I am getting the error. Here is the configuration details SQUID 2.6.STABLE13 :- http_port 3128 transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache maximum_object_size 40960 KB cache_dir ufs /var/cache/squid 2000 16 256 access_log /var/log/squid/access.log squid url_rewrite_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf url_rewrite_children 40 refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT follow_x_forwarded_for allow localhost http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports -- some acls are defined according to network -- http_access deny all http_reply_access allow all icp_access allow all visible_hostname x.proxy.blr forwarded_for off coredump_dir /var/cache/squid ie_refresh on Rest all are default values. When web server is being accessed through squid, it prompts the username password(webserver), and after giving the right credentials it gives me the error specified. But without the squid ie going directly to webserver all things are fine means it accepts the username and password. AFAIK, squid configuration is fine because when any webserver with htaccess authentication is being accessed by squid, it opens fine. But not this server. Bijayant Kumar Hmm, transparent proxy and authentication trouble :( Can you get a look at the challenge and error headers the web server is producing? Amos --- On Wed, 4/2/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] WWW-Authenticate header field To: bijayan...@yahoo.com Cc: squid users squid-users@squid-cache.org Date: Wednesday, 4 February, 2009, 10:15 AM bijayant kumar wrote: Hello list, We have a local webserver running in our LAN and it is configured to ask username and password to access. When I am configuring my IE to go use squid then its giving me a error like You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. But when I am not using squid as a proxy ie accessing directly, its opening fine. I am using SQUID 2.6.STABLE13. Is anything wrong with the squid configuration/compilation or I have to change anything in the webserver. Please help me. People can only help with configuration problems when config details are supplied. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12 Current Beta Squid 3.1.0.4 New Email addresses available on Yahoo! Get the Email name you#39;ve always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
[squid-users] WWW-Authenticate header field
Hello list, We have a local webserver running in our LAN and it is configured to ask username and password to access. When I am configuring my IE to go use squid then its giving me a error like You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. But when I am not using squid as a proxy ie accessing directly, its opening fine. I am using SQUID 2.6.STABLE13. Is anything wrong with the squid configuration/compilation or I have to change anything in the webserver. Please help me. Bijayant Kumar Get your preferred Email name! Now you can @ymail.com and @rocketmail.com. http://mail.promotions.yahoo.com/newdomains/aa/
