So we had some issues using django-piston (a webservice framework for Django) in combination with HTTP Basic authorization. By default both Squid and mod_wsgi will not forward the HTTP_AUTHORIZATION headers to the next layer. So if you have a wsgi application that does its own authorization you need to do the following:
In your squid.conf you need to add the login=PASS to the cache_peer entries that add apache as cache_peer to Squid. We tend to bind apache on the localhost interface and have Squid take care of port 80 on the public interface:
cache_peer 127.0.0.1 parent 80 0 no-query originserver login=PASS
see: Squid FAQ
Then for mod_wsgi you need to do the same by adding the WSGIPassAuthorization On setting to your vhost file
WSGIDaemonProcess mysite processes=10 threads=15 maximum-requests=10000 user=mysite group=sites
WSGIRestrictStdout Off
<VirtualHost *:80>
ServerName mysite.example.org
ServerAdmin me@example.org
ServerSignature Off
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
WSGIProcessGroup mysite
WSGIPassAuthorization On
<Directory /srv/sites/mysite/>
Order Deny,Allow
Allow from all
</Directory>
WSGIScriptAlias / /srv/sites/mysite/django.wsgi
</VirtualHost>
Using Fabric to update a remote svn checkout with ssh public key authentication Openfiler permission problems with shares on MacOSX and Windows
If you found this post useful, funny or whatever, let us know without writing a full comment!