I need to configure Squid as a reverse proxy with a custom authentication helper for each incoming requests. Every request to Squid is assumed to be with basic authentication. Any connection which fails the authentication, should be terminated. I am a newbie in Squid. Following is the configuration script I have used. This sample is to access "mindofaprogrammer.blog.com",
acl all src all
acl manager proto cache_object
http_port 80 accel defaultsite=mindofaprogrammer.blog.com
cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel
acl myblog dstdomain mindofaprogrammer.blog.com
http_access allow myblog
cache_peer_access myAccel allow myblog
cache_peer_access myAccel deny all
auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm eReader
auth_param basic credentialsttl 5 hours
acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers
access_log c:/squid/var/logs/access.log squid
coredump_dir c:/squid/var/cache
I have written the custom authentication helper in a PHP script. The listing of the same is as follows,
<?php
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
$line = trim($line);
$fields = explode(' ', $line);
$username = rawurldecode($fields[0]); //1738
$password = rawurldecode($fields[1]); //1738
if ($username == 'hello'
and $password == 'world') {
fwrite(STDOUT, "OK\n");
} else if ($username == 'fo'
and $password == 'bar') {
fwrite(STDOUT, "OK\n");
} else {
// failed miserably
fwrite(STDOUT, "ERR\n");
}
}
?>
The problem I am facing is, even after configuring this, only the reverse proxy settings are working not the authentication. Am I doing something wrong here?
Best Answer
Apparently I didn't realize that order of configuration statement matters in Squid. The following configuration worked for me. I am posting here for someone who need the same,
The custom authentication helper is still the same.