On Sun, 8 May 2005, Dylan Carruthers wrote:
> We have squid running as a transparent proxy server that uses a redirector
> process to verify that the incoming IP is enrolled. This works fine but
> we're getting more and more (misconfigured) OWA servers that use http
> instead of https making the requests go through squid instead of being
> direct. I have had to increase the number of redirectors to 32 to cope with
> whatever the exchange gateways are doing but unless we actually get the user
> to by-pass the squid cache completely the user can kind-of login but is
> asked to re-login all the time until they are eventually denied.
This is fixed in Squid-2.5 to ensure the browser can not get fooled into
what looks like a successful NTLM login.
> There are no errors in the cache or access logs (e.g. extension_methods
> problem) so I'm stumped!
It is not a proxy error, it is a protocol violation by Microsoft NTLM
authentication not working with HTTP compliant proxies.
> Finally my real question: Is there a way to stop squid from being a proxy
> for certain addresses, such as an acl of
> acl to_exchange urlpath_regex /exchange
In transparent interception you have to configure blacklists at your
interception point with a list of destination IP addresses known not to
work with the proxy.
In normal proxying this is best done using a proxy pac script, where you
can create a rule matching exactly what you say above.
Regards
Henrik
Received on Thu May 26 2005 - 07:31:46 MDT
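
The proxy PAC rule mentioned in the reply, sketched as an added example that is not part of the original thread: plain-HTTP requests whose URL path contains /exchange go direct, everything else goes to the proxy. The proxy address and the helper names `urlPath` and `isExchangePath` are assumptions made for illustration.

```javascript
// Added example PAC file; not code from the original thread.
// Assumption: placeholder proxy address, replace with the real Squid host:port.
var PROXY = "PROXY proxy.example.internal:3128";

// Extract the path component with plain string operations, because a PAC
// sandbox offers no URL parser. Query string and fragment are dropped so
// that "?q=/exchange" on an unrelated site does not trigger the bypass.
function urlPath(url) {
  var schemeEnd = url.indexOf("://");
  if (schemeEnd < 0) return "/";
  var pathStart = url.indexOf("/", schemeEnd + 3);
  if (pathStart < 0) return "/";
  var path = url.substring(pathStart);
  var cut = path.search(/[?#]/);
  return cut < 0 ? path : path.substring(0, cut);
}

// Counterpart of the "urlpath_regex /exchange" acl from the question.
// Matched case-insensitively here (an assumption; the Squid acl would
// need -i for the same behaviour).
function isExchangePath(url) {
  return /\/exchange/i.test(urlPath(url));
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var isPlainHttp = url.substring(0, 5).toLowerCase() === "http:";
  if (isPlainHttp && isExchangePath(url)) {
    // NTLM needs an end-to-end connection, so skip the proxy for these.
    return "DIRECT";
  }
  // No DIRECT fallback: all other traffic must pass the proxy's checks.
  return PROXY;
}
```
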