Hi Amos,
First of all sorry for the delay.
Yes, the header_access tag it's not accepted on 3.0 S 16, I've tried
with reply_header_access with the same result: none. Same entries on
access.log:
172.28.3.186 - - [20/Jul/2009:12:10:26 +0200] "CONNECT
tp.seg-social.es:443 HTTP/1.1" 407 2015 TCP_DENIED:NONE
In the access.log of the parent proxy I get:
1248084163.393 131533 172.28.129.250 TCP_MISS/000 2696 CONNECT
tp.seg-social.es:443 - DEFAULT_PARENT/172.16.100.230 -
This is part of my conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm ProxySquid
auth_param basic credentialsttl 2 hours
external_acl_type winbind_group children=10 %LOGIN /usr/sbin/wbinfo_group.pl
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl javaConnect method CONNECT
reply_header_access Proxy-Authenticate deny Java javaConnect
header_replace Proxy-Authenticate basic realm=ProxySquid
and after that the http_access tags
Another question, the realm value must be the same as defined on
"auth_param basic realm ProxySquid " or may be the domain name as
defined on smb.conf? In my case it's not the same value.
2009/7/2 Amos Jeffries <squid3_at_treenet.co.nz>:
> On Wed, 1 Jul 2009 12:56:43 +0200, Gontzal <gontzalp_at_gmail.com> wrote:
>> Hi,
>>
>> I've recompiled squid, now 3.0 stable 16 on a non-production opensuse
>> 10.3 server with the --enable-http-violations option
>> I've added the following lines to my squid.conf file:
>>
>> acl Java browser Java/1.4 Java/1.5 Java/1.6
>>
>> header_access Proxy-Authenticate deny Java
>> header_replace Proxy-Authenticate Basic realm="XXXX"
>>
>> The header tags are before the http_access tags, I don't know if it is
>> correct. I've also disable the option http_access allow Java
>>
>> Squid runs correctly but when i check for java, it doesn't work, it
>> don't ask for basic auth and doesn't show the java applet page.
>>
>> On the access log it shows lines like this one:
>>
>> (01/Jul 12:46:01) (TCP_DENIED/407/NONE) (172.28.3.186=>172.28.129.250)
>> (tp.seg-social.es:443) text/html-2226bytes 1ms
>>
>> I've changed the identity of my browser from firefox to java and it
>> browses using ntlm auth instead of asking for user/passwd
>>
>> Where can be the problem?
>
> In squid-3 the header_access has been broken in half.
>
> I believe you are needing to use reply_header_access.
>
> Amos
>
>>
>> Thanks again!
>>
Received on Mon Jul 20 2009 - 10:31:39 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 22 2009 - 12:00:05 MDT