RE: [squid-users] Anonymous Access to one site

From: Phil Smith <PSmith@dont-contact.us>
Date: Thu, 6 Nov 2003 10:18:20 -0500

This is their configuration problems page
https://www.bidding.freemarkets.com/ConfigurationIssues.asp

I am still unable to get the application to load

Here is a snip of my acl lists
acl bidwaredom dstdomain .freemarkets.com
acl bidwareprt port 9080
acl bidwareip1 dst 205.247.137.57
acl bidwareip2 dst 205.247.137.58
acl bidwareip3 dst 205.247.137.59
acl ProxyUsers external NT_global_group ProxyUsers
acl password proxy_auth REQUIRED
acl privoxy1 src 127.0.0.1
acl privoxy2 src 192.168.4.3
acl all src 0.0.0.0/0.0.0.0

and then the http_access
http_access allow privoxy1
http_access allow privoxy2
http_access allow bidwareprt
http_access allow bidwaredom
http_access allow bidwareip1
http_access allow bidwareip2
http_access allow bidwareip3
http_access allow password ProxyUsers
http_access deny all

What have I done wrong?

>-----Original Message-----
>From: Phil Smith
>Sent: Thursday, November 06, 2003 10:05 AM
>To: 'squid-users@squid-cache.org'
>Subject: RE: [squid-users] Anonymous Access to one site
>
>
>This is actually the message back from the site
>
>"The application and the JRE may not be able to intercept all types of
>authentication with proxies. If your proxy environment is configured to
>require either NT Challenge-Response or Basic Authentication, the
>application may not properly connect through your proxy. In
>this case, you
>may need to set your proxy to allow anonymous connections through the
>proxy."
>
>>-----Original Message-----
>>From: Henrik Nordstrom [mailto:hno@squid-cache.org]
>>Sent: Thursday, November 06, 2003 9:45 AM
>>To: Phil Smith
>>Cc: 'squid-users@squid-cache.org'
>>Subject: Re: [squid-users] Anonymous Access to one site
>>
>>
>>On Thu, 6 Nov 2003, Phil Smith wrote:
>>
>>> I am running squid in an NT environment. We use NT
>>authentication to grant
>>> or deny users access to the web via NT global groups. This
>>works great
>>> except for one site that apparently uses its own
>>authentication and dies on
>>> our squid proxy.
>>
>>Almost certainly this one site is using "Microsoft Integrated Login"
>>(NTLM and friends) authentication which can not be proxied.
>>This problem
>>is not related to you using proxy authentication or not.
>>
>>The ways around this are
>>
>>a) To convince the site operators to enable support for the
>>standard Basic
>>HTTP authentication scheme ("Plain Text" in the IIS configuration).
>>
>>b) Configure your browsers to not use a proxy for reaching
>>this web site.
>>
>>Microsoft has a number of good KB documents on why "Microsoft
>>Integrated
>>Login" mechanisms should not be used over the Internet.
>>
>>Regards
>>Henrik
>>
>
Received on Thu Nov 06 2003 - 08:18:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:09 MST