Hi,
Amos Jeffries wrote,
> > What do you think? What might be a solution to this problem? I can't
> > restart squid when changing the ACL rules, because then all users in
> > the network would be disconnected.
>
> You could set the request_timeout to be short. This would make the
> CONNECT requests terminate after a few minutes.
Will try that.
> You could also use SSL-bump feature in Squid. This has a double benefit
> of allowing the control software acting on the HTTPS requests and
> preventing SPDY etc. being used by the browser.
This is not wanted by my boss. Probably because of ethical reasons.
If a user uses https, he normally believes his traffic is secure and
we want that this is the case.
Going back to the initial problem, slow NTLM authentications with
newer browsers. Would it be worth to switch completely to Negotiate?
Or is it possible to cache the NTLM authentication results, so that
Squid does not need to fork a ntlm auth helper on every request?
Thanks
Waldemar
Received on Wed Apr 09 2014 - 05:16:35 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 09 2014 - 12:00:05 MDT