I'm having problems using "auto-login" (it was implemented into Squid in 2.1, I'm currently running 2.3 stable4). The proxy is set up to be a traditional forward proxy.
Using IE 5 or lower or Netscape 3.04 or lower, I can authenticate users on the proxy using the format http://userid:password@url/
Using IE 5.01 or higher or Netscape 4.08 or higher, this authentication doesn't work and I am prompted as if the User and password weren't on the URL.
I have set enable log_mime_hdrs, and I ended up with the 2 following lines in the access.log
For IE6 (where it doesn't authenticate automatically):
1010434804.171 1 192.168.0.3 TCP_DENIED/407 1360 GET http://192.168.0.2/ - NONE/- - [Accept: */*\r\nAccept-Language: en-gb\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Tue, 11 Dec 2001 13:44:37 GMT; length=87\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)\r\nHost: 192.168.0.2\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: Squid/2.3.STABLE4\r\nMime-Version: 1.0\r\nDate: Mon, 07 Jan 2002 20:20:04 GMT\r\nContent-Type: text/html\r\nContent-Length: 965\r\nExpires: Mon, 07 Jan 2002 20:20:04 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Basic realm="Squid proxy-caching web server"\r\n\r]
For IE 3.02 (where it does authenticate automatically):
1010435232.279 0 192.168.0.4 TCP_IMS_HIT/304 218 GET http://192.168.0.2/ test NONE/- text/html [Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\nAccept-Language: en\r\nUA-pixels: 800x600\r\nUA-color: color32\r\nUA-OS: Windows 95\r\nUA-CPU: x86\r\nIf-Modified-Since: Tue, 11 Dec 2001 13:44:37 GMT; length=87\r\nUser-Agent: Mozilla/2.0 (compatible; MSIE 3.0; Windows 95)\r\nHost: 192.168.0.2\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Basic dGVzdDp0ZXN0MTIz\r\n] [HTTP/1.0 304 Not Modified\r\nDate: Tue, 08 Jan 2002 17:13:19 GMT\r\nContent-Type: text/html\r\nLast-Modified: Tue, 11 Dec 2001 13:44:37 GMT\r\n\r]
I have had a very good look around to see what I can find on this behaviour and I've got nothing at all solid as yet.
I've read RFC's 2068 (http 1.1), 2069 (Digest Authentication), 2616 (update to 2068) and 2617 and I haven't seen anything on authenticating to a proxy server using the URL or if the username and password on the URL to be only be allowed to be passed to the destination web server.
Has anyone got this type of authentication working on IE >= 5.01 or Netscape >= 4.08?
Many thanks for your time to read this, any help / suggestions would be greatly appreciated.
Philip Bush
Received on Wed Jan 09 2002 - 08:28:02 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:47 MST