Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write header Proxy-Authorization before read-status-line to avoid HTTP status code 407 #110

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Write header Proxy-Authorization before read-status-line to avoid HTTP status code 407 #110

wants to merge 1 commit into from

Conversation

muyinliu
Copy link

@muyinliu muyinliu commented Jan 9, 2021
edited
Loading

Tested with Squid

Squid config example:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost

# Auth config
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

# And finally deny all other access to this proxy
http_access deny all

http_port 3128

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache deny all

add auth user:password line to file /etc/squid/passwd with command:

htpasswd -c /etc/squid/passwd username

Note: enter password & enter twice to complete.

test with drakma:

;; test proxying-https-p condition
(drakma:http-request "https://www.example.com/"
                     :proxy '("127.0.0.1" 3128)
                     :proxy-basic-authorization '("username" "password"))

;; test NOT proxying-https-p condition
(drakma:http-request "http://www.example.com/"
                     :proxy '("127.0.0.1" 3128)
                     :proxy-basic-authorization '("username" "password"))

compared curl command:

curl -v -x http://username:password@:127.0.0.1:3128 http://www.example.com
curl -v -x http://username:password@:127.0.0.1:3128 https://www.example.com

debug tools: Wireshark, filter rule: tcp.port==3128

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@muyinliu