Tom Tux wrote:
> Hi Amos
>
> Thanks a lot for this informations.
>
> Is it usual/normal, that all https-requests have this error?
100% depends on your configuration file.
> 1282899033.246 0 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
> mail.google.com:443 - NONE/- text/html
>
> As I already mentioned: The sites, which are denied in the access.log,
> are normal accessible and appears correctly (this is, what I don't
> understand....mmmh....).
> I think, that I don't have rules, which explicitly require another
> authentication instead of kerberos. Here is an extract of my
407 does not mean try "other" authentication.
It means "send me your login or go away".
The browser is failing to send kerberos login details so gets sent a
407. It reacts by:
(a) sending the credentials and being allowed,
or (b) doing a popup for the user,
or (c) showing the user an error page.
> squid.conf:
>
> The ACL "INTERNET_ACCESS" is an external_acl with squid_kerb_ldap:
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> # Block invalid Users
> http_access deny !INTERNET_ACCESS
* requires login details to be supplied before it can be tested.
If login is not provided already Squid sends 407.
> http_access allow INTERNET_ACCESS
* requires login details to be supplied before it can be tested.
> http_access deny all
>
> When I trace the http/https-traffic with httpfox (firefox-addon), then
> I got also no errors or denies back.
>
> Thanks a lot for all helps.
> Tom
>
The configuration you have displayed requires login details to be
supplied before *ANY* web request is permitted.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.7 Beta testers wanted for 3.2.0.1Received on Sat Aug 28 2010 - 04:17:58 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 28 2010 - 12:00:02 MDT