Search code examples
proxysquidbasic-authentication

How to correctly add header in TinyProxy to authenticate in Squid


I have a TinyProxy proxy on my router, and it sends traffic to an external parent Squid proxy that is not on the LAN to get processed. I added authorization to Squid so that it is not completely open to the world (user has to provide a username and password if they point their browser to the squid proxy, which works correctly).

Looking at the TinyProxy man pages I can see that it is possible to send basic authorization header information to the Squid parent via tinyproxy, but when I attempt to do so, it is not authenticating correctly (no browser configurations. This is a transparent proxy) and I am getting access errors on Squid's end. Below is an excerpt from the TinyProxy.conf man page:

AddHeader "X-My-Header" "Powered by Tinyproxy"

If the user who is allowed on Squid has the username: test and password: test1234 with the password hash: 123456789 and this is what I include in the TinyProxy.conf file:

AddHeader "Proxy-Authorization" "Basic test:123456789"

it is not authenticating correctly when I attempt to access an HTTP site. Is the format incorrect?

Also for reference, here is my squid.conf

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

#http_access allow all
http_port 3128

Solution

  • I found a solution to my problem. When adding a header, it is not in the form "user:password_hash", it is in the form of a base64 string. i just used an online converter(http://www.tuxgraphics.org/toolbox/base64-javascript.html) to convert "test:test1234" to "dGVzdDp0ZXN0MTIzNA==". The AddHeader line in TinyProxy then becomes:

    AddHeader "Proxy-Authorization" "Basic dGVzdDp0ZXN0MTIzNA=="
    

    And it authenticates perfectly! I hope someone else other than me finds this useful, as I was not able to find a single "TinyProxy" adding header example.