当运行 squid(4.10,从 apt 安装或 5.6 从 docker ubuntu/squid:latest 安装)并添加简单的用户身份验证时,所有请求都会被 squid 以 HTTP 407 丢弃。目的是有一个简单的代理来测试应用程序内 HTTP/REST 调用的身份验证。
squid.conf:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic children 5
auth_param basic utf8 on
auth_param basic credentialsttl 60 minutes
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 3128
我的 /etc/squid/passwords 文件中有两个用户“UserB”(密码“UserB”)和“Test”(密码“test”),它们是用 htpasswd 创建的:
# cat /etc/squid/passwords
UserB:$apr1$wuSDCp9q$VLoy.ClARK3BRyB5L4rrW0
Test:$apr1$fhr7JXM.$VHHPwrJSTkIoUWpdfDm/K.
通过 /usr/lib/squid/basic_ncsa_auth 进行身份验证似乎有效:
# /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
test test
ERR No such user
Test test
OK
UserB UserB
OK
UserB WrongPassword
ERR Wrong password
密码文件对于 Squid 是可读的(chmod 777):
# ls -alh /etc/squid/passwords
-rwxrwxrwx 1 root root 87 Nov 11 07:50 /etc/squid/passwords
即使使用正确的凭据,所有请求仍然会被丢弃,错误代码为 407(来自 /var/squid/access.log):
2022-11-11 11:03:54 1668161034.406 1 172.17.0.1 TCP_DENIED/407 4196 CONNECT www.google.com:443 test HIER_NONE/- text/html
2022-11-11 11:03:54 1668161034.411 1 172.17.0.1 TCP_DENIED/407 4196 CONNECT www.google.com:443 test HIER_NONE/- text/html
2022-11-11 11:03:58 1668161038.434 0 172.17.0.1 TCP_DENIED/407 4196 CONNECT www.google.com:443 test HIER_NONE/- text/html
2022-11-11 11:04:33 1668161073.398 0 172.17.0.1 TCP_DENIED/407 4161 CONNECT www.google.com:443 userb HIER_NONE/- text/html
我正在测试的应用程序是 Firefox Portable,具有专用的代理设置:
在如此简单的设置中,还有什么可能出错呢?