Skip to content

Write header Proxy-Authorization before read-status-line to avoid HTTP status code 407#110

Open
muyinliu wants to merge 1 commit intoedicl:masterfrom
muyinliu:master
Open

Write header Proxy-Authorization before read-status-line to avoid HTTP status code 407#110
muyinliu wants to merge 1 commit intoedicl:masterfrom
muyinliu:master

Conversation

@muyinliu
Copy link

@muyinliu muyinliu commented Jan 9, 2021
edited
Loading

Tested with Squid

Squid config example:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost

# Auth config
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

# And finally deny all other access to this proxy
http_access deny all

http_port 3128

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache deny all

add auth user:password line to file /etc/squid/passwd with command:

htpasswd -c /etc/squid/passwd username

Note: enter password & enter twice to complete.

test with drakma:

;; test proxying-https-p condition
(drakma:http-request "https://www.example.com/"
                     :proxy '("127.0.0.1" 3128)
                     :proxy-basic-authorization '("username" "password"))

;; test NOT proxying-https-p condition
(drakma:http-request "http://www.example.com/"
                     :proxy '("127.0.0.1" 3128)
                     :proxy-basic-authorization '("username" "password"))

compared curl command:

curl -v -x http://username:password@:127.0.0.1:3128 http://www.example.com
curl -v -x http://username:password@:127.0.0.1:3128 https://www.example.com

debug tools: Wireshark, filter rule: tcp.port==3128

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@muyinliu