RE: [squid-users] Re: LDAP authentication with Squid

From: Gerard Eviston <geviston@dont-contact.us>
Date: Thu, 22 Aug 2002 22:48:10 +1000

> > > > 2. Outlook Express does not work if I enable authentication on
> > > > Squid. What could be the problem ?
> > >
> > > Probably Outlook Express..
> >
> > Yes, you are right. Check out this URL from Microsoft, where they have
> > documented the issue.
> > http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q247335&
> >
> > Is it at least possible to allow unauthenticated access ONLY to Hotmail
> > using acls ?
>
> Sure. Just allow them before where you require authentication.
>

A little off-topic, but I have noticed that clients which have
previously authenticated with the proxy (for sites other than hotmail in
this example) will continue to send Proxy-Authorization headers for the
rest of the session. The documented behaviour of squid is to keep this
header intact if it would not be used. In the example above, and I have
observed in 2.2S3, this causes user credentials to be revealed to
upstream proxies - creating a security risk and/or problems for
non-squid parents which are easily confused. Is it also possible that
credentials could be revealed to the origin server hotmail.com in the
example above?
Received on Thu Aug 22 2002 - 06:47:55 MDT
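
Added example, not part of the original message and not Squid code: a Python audit of a request as captured on the parent-proxy side, reporting any Proxy-Authorization header that was forwarded, plus the same request rebuilt without it. The request bytes, the user name and password, and all function names are constructed for illustration.

```python
import base64

# Constructed sample: a request as seen on the upstream (parent) side after a
# client that authenticated earlier fetched a site exempted from authentication.
SAMPLE_FORWARDED = (
    b"GET http://www.hotmail.com/ HTTP/1.0\r\n"
    b"Host: www.hotmail.com\r\n"
    b"proxy-authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
    b"User-Agent: constructed-example\r\n"
    b"\r\n"
)

def split_request(raw):
    """Return (request_line, [(name, value), ...], body) from a raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def audit_forwarded(raw):
    """List proxy credentials present in a forwarded request (password never returned)."""
    findings = []
    for name, value in split_request(raw)[1]:
        if name.lower() != b"proxy-authorization":  # header names are case-insensitive
            continue
        scheme, _, token = value.partition(b" ")
        user = None
        if scheme.lower() == b"basic":
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
                user = decoded.split(b":", 1)[0].decode("latin-1")
            except ValueError:
                user = None  # malformed token: still a finding, user unknown
        findings.append({"scheme": scheme.decode("ascii", "replace"), "user": user})
    return findings

def strip_proxy_credentials(raw):
    """Rebuild the request without any Proxy-Authorization header."""
    request_line, headers, body = split_request(raw)
    kept = [n + b": " + v for n, v in headers if n.lower() != b"proxy-authorization"]
    return b"\r\n".join([request_line] + kept) + b"\r\n\r\n" + body
```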
