Squid drops authorization header before forwarding

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid drops authorization header before forwarding

Hariharan Sethuraman
Hi,

I have my squid as reverse proxy (without any auth) between my client and a web server.  My HTTP request from client has an Authorization in its HTTP header which I wanted it to be forwarded to target server. But from cache.log I see squid is dropping before sending it to my web server, could someone help on what I am missing?

Thanks,
Hari


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid drops authorization header before forwarding

Matus UHLAR - fantomas
On 06.08.18 23:14, Hariharan Sethuraman wrote:
>I have my squid as reverse proxy (without any auth) between my client and a
>web server.  My HTTP request from client has an Authorization in its HTTP
>header which I wanted it to be forwarded to target server. But from
>cache.log I see squid is dropping before sending it to my web server, could
>someone help on what I am missing?

did you configure proxy manually in the browser or do you use intercepting?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid drops authorization header before forwarding

Matus UHLAR - fantomas
>On 06.08.18 23:14, Hariharan Sethuraman wrote:
>>I have my squid as reverse proxy (without any auth) between my client and a
>>web server.  My HTTP request from client has an Authorization in its HTTP
>>header which I wanted it to be forwarded to target server. But from
>>cache.log I see squid is dropping before sending it to my web server, could
>>someone help on what I am missing?

On 06.08.18 19:49, Matus UHLAR - fantomas wrote:
>did you configure proxy manually in the browser or do you use intercepting?

oh, sorry, now I read "reverse proxy".
what is the http_port line?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid drops authorization header before forwarding

Hariharan Sethuraman
I tried allow_direct as well as defaultsite under accel.
Wondering if I should recompile squid with enable-http-violation and use below ACL /
request_header_access Authorization deny all


On Mon, Aug 6, 2018 at 11:23 PM, Matus UHLAR - fantomas <[hidden email]> wrote:
On 06.08.18 23:14, Hariharan Sethuraman wrote:
I have my squid as reverse proxy (without any auth) between my client and a
web server.  My HTTP request from client has an Authorization in its HTTP
header which I wanted it to be forwarded to target server. But from
cache.log I see squid is dropping before sending it to my web server, could
someone help on what I am missing?

On 06.08.18 19:49, Matus UHLAR - fantomas wrote:
did you configure proxy manually in the browser or do you use intercepting?

oh, sorry, now I read "reverse proxy".
what is the http_port line?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? _______________________________________________


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid drops authorization header before forwarding

Hariharan Sethuraman
I found that login=PASS in cache_peer directive helped.

Thanks,
Hari

On Mon, Aug 6, 2018 at 11:29 PM, Hariharan Sethuraman <[hidden email]> wrote:
I tried allow_direct as well as defaultsite under accel.
Wondering if I should recompile squid with enable-http-violation and use below ACL /
request_header_access Authorization deny all


On Mon, Aug 6, 2018 at 11:23 PM, Matus UHLAR - fantomas <[hidden email]> wrote:
On 06.08.18 23:14, Hariharan Sethuraman wrote:
I have my squid as reverse proxy (without any auth) between my client and a
web server.  My HTTP request from client has an Authorization in its HTTP
header which I wanted it to be forwarded to target server. But from
cache.log I see squid is dropping before sending it to my web server, could
someone help on what I am missing?

On 06.08.18 19:49, Matus UHLAR - fantomas wrote:
did you configure proxy manually in the browser or do you use intercepting?

oh, sorry, now I read "reverse proxy".
what is the http_port line?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? _______________________________________________



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid drops authorization header before forwarding

Amos Jeffries
Administrator
On 07/08/18 16:28, Hariharan Sethuraman wrote:
> I found that login=PASS in cache_peer directive helped.
>

Indeed. cache_peer controls what Squid sends to that particular peer server.

>
> On Mon, Aug 6, 2018 at 11:29 PM, Hariharan Sethuraman wrote:
>
>     I tried allow_direct as well as defaultsite under accel.
>     Wondering if I should recompile squid with enable-http-violation and
>     use below ACL /
>
>     request_header_access Authorization deny all
>

This tells Squid that it is forbidden from sending Authorization headers
to the origin server. If you still have it in your config after the
experiments you will need to remove.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users