So we had some issues using django-piston (a webservice framework for Django) in combination with HTTP Basic authorization. By default both Squid and mod_wsgi will not forward the HTTP_AUTHORIZATION headers to the next layer. So if you have a wsgi application that does its own authorization you need to do the following:
In your squid.conf you need to add the login=PASS to the cache_peer entries that add apache as cache_peer to Squid. We tend to bind apache on the localhost interface and have Squid take care of port 80 on the public interface:
cache_peer 127.0.0.1 parent 80 0 no-query originserver login=PASS
see: Squid FAQ
Then for mod_wsgi you need to do the same by adding the WSGIPassAuthorization On setting to your vhost file
WSGIDaemonProcess mysite processes=10 threads=15 maximum-requests=10000 user=mysite group=sites
WSGIRestrictStdout Off
<VirtualHost *:80>
ServerName mysite.example.org
ServerAdmin me@example.org
ServerSignature Off
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
WSGIProcessGroup mysite
WSGIPassAuthorization On
<Directory /srv/sites/mysite/>
Order Deny,Allow
Allow from all
</Directory>
WSGIScriptAlias / /srv/sites/mysite/django.wsgi
</VirtualHost>
Using Fabric to update a remote svn checkout with ssh public key authentication Openfiler permission problems with shares on MacOSX and Windows