通过互联网进行Squid服务器（NAT后面）的基本身份验证

Question

I have googled for "basic authentication not working over internet in squid server" kind of searches with no appropriate answer for my problem.

Here is my problem: I have set up a squid proxy server behind a firewall. I have forwarded a port (54321) to port 9999 where squid proxy is listening. Now everything is fine. I can connect to this proxy from anywhere. But I needed some kind of authentication, thus enabled basic_ncsa_auth. Now, I can access internet after authentication from my LAN computers. Fine, everything is going as I wanted to but,

from internet I have popup for username/password (firefox), and after authentication I get "cache access denied" message from squid proxy.

I would really appreciate if someone points me what I'm doing wrong here.

Here is my squid.conf file:

http_port 9999
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Network setup: Firewall static IP: Port: 54321 forwarded to Proxy server: 10.11.12.8:9999.

Answer 1

Does your Squid configuration permit http_reply_access?

http_reply_access allow all

If your passwords are longer than 8 characters, you also need to make sure you are not using DES hashing, which is the default for the htpasswd command.

Here's how to create a new password file using the MD5 hashing algorithm:

[root@localhost ~] htpasswd -cm /tmp/passwd testuser
New password: 
Re-type new password: 
Adding password for user testuser

Check the contents of the file:

[root@localhost ~] cat /tmp/password
testuser:$apr1$VxCDyltg$krZ6v7VrnULVOiuS0u6KD1

Verify password using basic_ncsa_auth:

[root@localhost ~] /usr/lib64/squid/basic_ncsa_auth /tmp/passwd
testuser superspurs
OK

Now verify at the CLI:

[root@TLABprx00 ~]# http_proxy=http://localhost:9999/ curl http://www.msftncsi.com/ncsi.txt --proxy-user testuser:superspurs
Microsoft NCSI