[SQU] Fw: Authentication to Hotmail, Yahoo Mail, etc

From: Awie <awie@dont-contact.us>
Date: Tue, 24 Oct 2000 21:45:07 +0800

Henrik,

I think it is better if we named "AR (Authentication Required)" pages for
Hotmail, Yahoo Mail, etc.

I got one more interesting symptom. If I remove option "accept cookies" from
IE (browser), the "AR" pages loop asking username and password, although I
run non-transparent mode. However, I don't find any lines in squid.conf that
relevant with "cookies".

Unfortunately, I still don't know how to install and configure Plug-gw.

Please advise. Thx

Best Regards,

Awie
awie@eksadata.com
PT. EKSADATA INTISOLUSI
Phone : (62-361) 261514
Mobile1 : (62-82) 3610369
Mobile2 : (62-818) 346241
----- Original Message -----
From: "Awie" <awie@eksadata.com>
To: "Henrik Nordstrom" <hno@hem.passagen.se>
Cc: <squid-users@ircache.net>
Sent: Saturday, October 21, 2000 10:53 PM
Subject: Authentication to Hotmail, Yahoo Mail, etc

> Henrik,
>
> Before I am lost too far to isolate the problem, here my new discovery of
> symptom. I found a new interesting progress of my problem.
>
> As I inform you that problem (looping to ask username and password) in my
> transparent proxy. Below is the (header) address of result pages, if I run
> in transparent mode (with unsuccessful result).
>
>
http://lc5.law5.hotmail.passport.com/cgi-bin/login?_lang=EN&rru=%2fcgi%2dbin
> %2fHoTMaiL&reason=wrongdomain
>
> If I type in the proxy address into my browser (IE 5.5). EITHER I put the
> address and port to all fields (HTTP, FTP, SSL, etc) or in HTTP field
only.
> I successfully LOGIN to HOTMAIL. Below the (header) of address of
successful
> LOGIN.
>
> http://pv1fd.pav1.hotmail.msn.com/cgi-bin/HoTMaiL?n=14230&fti=yes
>
> I already type "hierarchy_stoplist hotmail.com" into my squid.conf.
Someone
> tell me that I should check my ACL. However, I use the squid default of
ACL.
> I just change "http_access deny all" to be http_access allow all". I know
> that my change is not good for security reason.
>
> Can you tell me the possibility of problem source?
>
> Thx
>
>
> Best Regards,
>
> Awie
> awie@eksadata.com
> PT. EKSADATA INTISOLUSI
> Phone : (62-361) 261514
> Mobile1 : (62-82) 3610369
> Mobile2 : (62-818) 346241
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Awie" <awie@eksadata.com>
> Cc: <squid-users@ircache.net>
> Sent: Tuesday, October 17, 2000 5:56 PM
> Subject: Re: Authentication
>
>
> > Awie wrote:
> >
> > > John Saunders told me that most of WEB (the require authentication)
need
> > > same IP. I must forward the SSL packet to Squid as well as HTTP. His
> > > suggestion is very logical. However, when I tried to do it by adding
the
> > > command into my Cisco IOS. My browser goes "freeze" until it reach the
> > > timeout and displaying error message.
> >
> > This is true for quite many services where authentication is performed
> > using cookies.
> >
> > What most people recommend it to use masquerading/source NAT to have the
> > client address rewritten to that of the proxy.
> >
> > Theoretically it should also be possible to use a TCP proxy capable of
> > running as a transparent proxy. I think there is patches to plug-gw from
> > TIS FWTK for this...
> >
> > > Again.....if I run non-transparent mode (I put same proxy address and
> port
> > > in my browser for all protocols; HTTP, FTP, SSL, etc), it runs very
> well. I
> > > assume that in my non-transparent proxy, all requests (FTP, HTTP, SSL)
> is
> > > forwarded to Squid. Am I right?
> >
> > Your browser does what you tell it... so yes.
> >
> > > I posted this problem to Squid's user mailing list and send mail to
> several
> > > people that seems expert (including you). Unfortunately, so far I
still
> get
> > > no solution. Because I cannot "isolate" the source of problem, yet.
> >
> > You quite likely have isolated the source already.
> >
> > /Henrik
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Oct 24 2000 - 07:44:45 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:54 MST