Configured Squid for Windows with basic authorization, but Squid still denies access after the correct username/password is entered

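I installed squid-2.7-stable8 for Windows and am trying to let only authorized users access the Internet. Unfortunately, after I enter the username/password in the client browser, squid still returns an HTTP 403 Access Denied error (the configuration is done and squid has been restarted).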

What am I missing?

File c:\squid\etc\squid.conf (default values, with the following modifications)

# this is the first uncommented line
include ../etc/squid-acl-cm.conf

#... the default minimum settings

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
include ../etc/squid-http_access-cm.conf

# Here, I disabled/commented localnet
#http_access allow localnet 

# And finally deny all other access to this proxy
http_access deny all

File c:\squid\etc\squid-acl-cm.conf

auth_param basic program ../libexec/ncsa_auth.exe ../etc/password.txt
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off

acl User_Authorized proxy_auth -i REQUIRED

File c:\squid\etc\squid-http_access-cm.conf

http_port 8888
error_directory c:/squid/share/errors/Simplify_Chinese
cache_mgr TechSupport

http_access allow User_Authorized

File c:\squid\etc\password.txt

liuyan:$apr1$JB1IxUS9$t/2b09Xo5GgV08.MeLArH0

Password verification

C:\squid\bin>..\libexec\ncsa_auth.exe ../etc/password.txt
liuyan 123
OK
liuyan  123
ERR Wrong password
liuyan1 123
ERR No such user

Also, the capture result from Microsoft Network Monitor 3.4 on the client PC

  Frame: Number = 6, Captured Frame Length = 744, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[A6-C8-20-00-02-00],SourceAddress:[02-00-02-00-00-00]
+ Ipv4: Src = 192.168.117.138, Dest = 192.168.115.245, Next Protocol = TCP, Packet ID = 3619, Total IP Length = 730
+ Tcp: Flags=...AP..., SrcPort=1784, DstPort=3128, PayloadLen=678, Seq=2725249880 - 2725250558, Ack=2901852307, Win=32768 (scale factor 0x3) = 262144
- Http: Request, GET http://superuser.com/ 
    Command: GET
  + URI: http://superuser.com/
    ProtocolVersion: HTTP/1.1
    Host:  superuser.com
    UserAgent:  Mozilla/5.0 (Windows NT 5.2; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
    Accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language:  zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding:  gzip, deflate
    ProxyConnection:  keep-alive
    Referer:  http://stackoverflow.com/questions/tagged/java
  + Cookie: **I HAVE ATE MY COOKIES**
    HeaderEnd: CRLF


  Frame: Number = 7, Captured Frame Length = 500, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[02-00-02-00-00-00],SourceAddress:[A6-C8-20-00-02-00]
+ Ipv4: Src = 192.168.115.245, Dest = 192.168.117.138, Next Protocol = TCP, Packet ID = 13018, Total IP Length = 486
+ Tcp: Flags=...AP..., SrcPort=3128, DstPort=1784, PayloadLen=434, Seq=2901852307 - 2901852741, Ack=2725250558, Win=64857 (scale factor 0x0) = 64857
- Http: Response, HTTP/1.0, Status: Proxy authentication required, URL: http://superuser.com/ , Using Basic realm="Squid proxy-caching web server" Authentication
    ProtocolVersion: HTTP/1.0
    StatusCode: 407, Proxy authentication required
    Reason: Proxy Authentication Required
    Server:  squid/2.7.STABLE8
    Date:  Sat, 04 Aug 2012 02:45:46 GMT
  + ContentType:  text/html
    ContentLength:  1688
    X-Squid-Error:  ERR_CACHE_ACCESS_DENIED 0
  + ProxyAuthenticate: Basic realm="Squid proxy-caching web server"
    X-Cache:  MISS from fileshare.cmcall.com
    X-Cache-Lookup:  NONE from fileshare.cmcall.com:8888
    Via:  1.0 fileshare.cmcall.com:8888 (squid/2.7.STABLE8)
    Connection:  close
    HeaderEnd: CRLF


  Frame: Number = 19, Captured Frame Length = 789, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[A6-C8-20-00-02-00],SourceAddress:[02-00-02-00-00-00]
+ Ipv4: Src = 192.168.117.138, Dest = 192.168.115.245, Next Protocol = TCP, Packet ID = 3656, Total IP Length = 775
+ Tcp: Flags=...AP..., SrcPort=1786, DstPort=3128, PayloadLen=723, Seq=3339579759 - 3339580482, Ack=3553182034, Win=32768 (scale factor 0x3) = 262144
- Http: Request, GET http://superuser.com/ , Using Basic Authorization
    Command: GET
  + URI: http://superuser.com/
    ProtocolVersion: HTTP/1.1
    Host:  superuser.com
    UserAgent:  Mozilla/5.0 (Windows NT 5.2; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
    Accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language:  zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding:  gzip, deflate
    ProxyConnection:  keep-alive
    Referer:  http://stackoverflow.com/questions/tagged/java
  + Cookie: **I HAVE ATE MY COOKIES**
  - ProxyAuthorization: Basic
   - Authorization:  Basic bGl1eWFuOjEyMw==
      WhiteSpace:  
    - BasicAuthorization: 
       Scheme: Basic
     + Realm: liuyan:123
    HeaderEnd: CRLF


  Frame: Number = 22, Captured Frame Length = 408, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[02-00-02-00-00-00],SourceAddress:[A6-C8-20-00-02-00]
+ Ipv4: Src = 192.168.115.245, Dest = 192.168.117.138, Next Protocol = TCP, Packet ID = 15424, Total IP Length = 394
+ Tcp: Flags=...AP..., SrcPort=3128, DstPort=1786, PayloadLen=342, Seq=3553182034 - 3553182376, Ack=3339580482, Win=64812 (scale factor 0x0) = 64812
- Http: Response, HTTP/1.0, Status: Forbidden, URL: http://superuser.com/ 
    ProtocolVersion: HTTP/1.0
    StatusCode: 403, Forbidden
    Reason: Forbidden
    Server:  squid/2.7.STABLE8
    Date:  Sat, 04 Aug 2012 02:45:50 GMT
  + ContentType:  text/html
    ContentLength:  1142
    X-Squid-Error:  ERR_ACCESS_DENIED 0
    X-Cache:  MISS from fileshare.cmcall.com
    X-Cache-Lookup:  NONE from fileshare.cmcall.com:8888
    Via:  1.0 fileshare.cmcall.com:8888 (squid/2.7.STABLE8)
    Connection:  close
    HeaderEnd: CRLF

Answer 1

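Remove the -i from the proxy_auth acl; it is not required. It looks like the REQUIRED keyword is written incorrectly, or there may be a non-printable character there. Delete it and retype it to be sure.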

Answer 2

One thing to emphasize for anyone who arrives here from a search, and which Diego also pointed out, is this:

http_access allow User_Authorized should come before http_access deny all
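
Added example (not part of the original answers and not Squid's own code): a small Python linter for the two points raised in the answers, an invisible character in the `acl` line and an `http_access allow` rule placed after `http_access deny all`. The function name `lint_squid_rules`, the sample configurations, and the assumption that `include` files have already been flattened into one ordered list of lines are constructed for illustration.

```python
def lint_squid_rules(lines):
    """Return [(line_no, message)] for an ordered, include-flattened squid.conf."""
    findings = []
    auth_acls = set()   # names of ACLs of type proxy_auth
    deny_all_at = None  # line of the first 'http_access deny all'
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Answer 1: characters that are invisible in an editor but change a token.
        odd = [c for c in line if (ord(c) < 32 and c != "\t") or ord(c) > 126]
        if odd:
            codes = ", ".join(f"U+{ord(c):04X}" for c in odd)
            findings.append((no, f"non-printable or non-ASCII character: {codes}"))
        tok = line.split()
        if tok[0] == "acl" and len(tok) > 3 and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
            if "-i" in tok[3:]:
                findings.append((no, "-i on proxy_auth (answer 1: not required)"))
        elif tok[0] == "http_access" and len(tok) > 2:
            if tok[1:] == ["deny", "all"]:
                if deny_all_at is None:
                    deny_all_at = no
            elif tok[1] == "allow" and deny_all_at and auth_acls & set(tok[2:]):
                # Answer 2: rules are checked in order and 'deny all' matches first.
                findings.append((no, f"allow rule follows 'deny all' on line {deny_all_at}"))
    return findings

# Constructed samples: U+200B (zero-width space) is appended to REQUIRED.
SAMPLE_BROKEN = [
    "acl User_Authorized proxy_auth -i REQUIRED\u200b",
    "http_access deny all",
    "http_access allow User_Authorized",
]
SAMPLE_FIXED = [
    "acl User_Authorized proxy_auth REQUIRED",
    "http_access allow User_Authorized",
    "http_access deny all",
]

if __name__ == "__main__":
    for name, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, lint_squid_rules(cfg) or "no findings")
```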
