Re: [squid-users] Can not download Windows Updates ...

From: Henrik Nordstrom <[email protected]>
Date: Thu, 7 Oct 2004 19:47:46 +0200 (CEST)

On Wed, 6 Oct 2004, Adam Pearse wrote:

> "You may have to use this registry key if you connect by using a proxy
> server that is handling secure and non-secure requests on the same
> server. One example of this behavior is the SQUID Proxy Server
> software. Because Internet Explorer typically caches port information,
> it may not send a secure request over the correct port number when it
> tries to send secure and non-secure responses to the same server, but
> on different port numbers."

So finally Microsoft managed to exactly replicate an old Netscape Navigator
bug?

There is the notable bug in current versions of MSIE that it completely
forgets to set up the SSL if the proxy requires authentication..

It seems that for every new patchlevel of MSIE 6 they manage to break the
HTTP protocol parts even worse. Can not say I am impressed with their
MSIE quality controls in the recent years..

Anyway, as always there are workarounds.

To work around the specific problem described above configure your Squid
with two http_port directives, one for "normal proxy" and the other for
"secure proxy", and configure your browser accordingly (click on the
"Advanced" proxy settings if your MSIE version only has a single proxy
field).

For the problem of Windows Update not supporting NTLM authentication you
need to add

acl windowsupdate dstdomain .windowsupdate.microsoft.com
http_access allow windowsupdate myclients

before where you require authentication in your list of http_access rules.

Add whatever other domains they are using at the moment to the
windowsupdate acl.

myclients is assumed to be an acl matching the range of acceptable client
station IP addresses.

Regards
Henrik
Received on Thu Oct 07 2004 - 11:47:48 MDT
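
The two workarounds from the message above, assembled into one squid.conf fragment to show where the rules sit relative to the authentication rule. This is an added example, not part of the original message; the port numbers, the 192.168.0.0/24 client range and the acl name "authenticated" are assumptions, and the auth_param lines for the authentication helper are assumed to be configured elsewhere in the file.

```squidconf
# Added example; values marked "assumed" are not from the original message.

# Two listening ports. Point the browser's HTTP proxy setting at the first
# and its Secure proxy setting at the second.
# assumed port for "normal proxy":
http_port 3128
# assumed port for "secure proxy":
http_port 3129

# Client stations allowed to use the proxy (assumed address range).
acl myclients src 192.168.0.0/24

# Destinations used by Windows Update; extend this acl as needed.
acl windowsupdate dstdomain .windowsupdate.microsoft.com

# Evaluating a proxy_auth acl is what triggers the authentication challenge.
acl authenticated proxy_auth REQUIRED

# http_access rules are checked top to bottom and the first match wins.
# Both acls on a line must match, so the unauthenticated exception applies
# only to known client addresses going to the listed update domains.
http_access allow windowsupdate myclients

# Everything else from the client range still requires authentication.
http_access allow myclients authenticated
http_access deny all
```

Keeping myclients on the exception line limits the unauthenticated path to internal stations; without it, any host able to reach the proxy could use it for those domains without credentials.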
