Re: [squid-users] Problem with website that require authentication

Hi,

Il 22.20 28/07/2002 Luís Fernando C. Talora ha scritto:
>Is there any way to solve the problem, something like preventing squid from
>caching that url or something else?
>
>Thank you,
>
>Talora

 From Squid side, no way. Clients must talk with server directly.
You can configure Your client with a Proxy Autoconfiguration script (.pac)
that excludes the IIS server.

For reference:

http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
http://naragw.sharp.co.jp/sps

Your script must be something like:

function FindProxyForURL(url, host)
{
         // Direct connections to non-FQDN hosts
         if (isPlainHostName(host) ||
         host == "iisserver.its.domain" ||
             host == "127.0.0.1" ||
             host == "localhost")
             return "DIRECT";

         // Direct connections to local domains
         if (dnsDomainIs(host, ".your.domain") ||
             dnsDomainIs(host, ".otheryour.domain"))
             return "DIRECT";

         // Otherwise use proxy

         return "PROXY proxy.your.domain:3128; DIRECT";
}

If IIS server is on your.domain, You don't need the specific exclusion.

Regards

Guido

>----- Original Message -----
>From: "Guido Serassio" <serassio@libero.it>
>To: "Luís Fernando C. Talora" <talora@4networks.com.br>
>Cc: <squid-users@squid-cache.org>
>Sent: Sunday, July 28, 2002 12:40 PM
>Subject: Re: [squid-users] Problem with website that require authentication
>
>
>Hi,
>
>Il 17.24 28/07/2002 Luís Fernando C. Talora ha scritto:
> >Hi, friends!
> >
> >I'm trying to configure squid to work as a caching proxy for a company.
>They
> >have a firewall that divides their network in three segments: Inrternal,
> >External e DMZ. The DMZ contains their web/mail server, runnig M$ IIS and
> >Exchange Server. There's a retricted are in their website, where people who
> >work for the company can login and access their webmail accounts.
> >Here's the problem: when clientes are connecting to the webserver on DMZ
> >without using squid-based proxy server, it appears a login box, asking for:
> >
> > Username;
> > Passowrd;
> > Domain (name of Microsoft Windows NT/2000 domain).
>
>IIS is running in NTLM (Windows integrated) authentication mode.
>This authentication mode is NOT proxable by Microsoft design, even with
>Microsoft proxies.
>
>Regards
>
>Guido
>
> >When using squid, that box becomes different, and asks for username and
> >password. Above the username, appears a line (unchangeable), containig:
> >
> > Realm: www.<domain name>.com
> >
> >I could't understande why that's happening. Can anybody give some help with
> >that?
> >
> >Thank you all,
> >
> >Luís Fernando C. Talora
>
>
>-
>=======================================================
>Serassio Guido
>Via Albenga, 11/4 10134 - Torino -
>ITALY
>E-mail: guido.serassio@serassio.it
>WWW: http://www.serassio.it

-
=======================================================
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: guido.serassio@serassio.it
WWW: http://www.serassio.it
Received on Sun Jul 28 2002 - 14:24:48 MDT