RE: [squid-users] Re: HTTPS site

From: Montervino, Mariano <[email protected]>
Date: Wed, 7 Apr 2004 15:53:57 -0300

Adam, first of all thanks for your replay...
I try your suggestion but the problem persist.

Bellow is acl extract of the squid.conf

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl yahoo dstdomain .msg.yahoo.com
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 85
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
always_direct allow yahoo
acl localnet proxy_auth REQUIRED

no_cache deny all
http_access allow localhost
http_access allow manager localhost
#http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
never_direct allow all

Cheers...

-----Mensaje original-----
De: Adam Aube [mailto:aaube01@baker.edu]
Enviado el: Mi�rcoles, 07 de Abril de 2004 14:49
Para: squid-users@squid-cache.org
Asunto: [squid-users] Re: HTTPS site

Montervino, Mariano wrote:

> I�m using squid Version 2.5.STABLE5 and Samba 3.0.2a in a windows network.

> If i configure IE to use "use http 1.1" plus "use http 1.1 through proxy
> connection" options i couldn�t access somes site using ssl. The access.log
> show that for thats sites the user doesn�t authenticate; but in this
> scenario yahoo messenger work fine.

> If i configure IE to use only "use http 1.1" option all ssl site work
> fine; but in this scenario yahoo messenger stop working. Below is a
> extract of access.log

I can understand your frustration - we had the same problem at a site I
worked at. Never could figure out how to get Yahoo! messenger working, but
also didn't invest an enormous amount of time into it, as Yahoo! messenger
was personal use, not business-related.

One thing you could try is specifically allowing .msg.yahoo.com (using a
dstdomain acl) before you require authentication. You would lose the
tracking and access control the authentication provides, but that's your
call.

I would also recommend complaining to Yahoo! about it, as they make the
software.

Adam
Received on Wed Apr 07 2004 - 12:59:10 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT