RE: [squid-users] A couple new problems from Brian Palmer on 2002-05-15 (squid-users)

From: Brian Palmer <bpalmer@dont-contact.us>
Date: Wed, 15 May 2002 11:18:40 -0400

Thanks Henrik,
You answered my rather poorly worded question.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@marasystems.com]
Sent: Wednesday, May 15, 2002 10:56 AM
To: Brian Palmer; 'squid-users@squid-cache.org'
Subject: Re: [squid-users] A couple new problems

Refuse you can do.. simply deny such connections in http_access.

Make the client not use the proxy you can't... this has to be done in the
client config.

Central administration of proxy settings is acheived using proxy
configuration scripts, or centralized browser administration tools (most
browser vendors has such tools).

Regards
Henrik

Brian Palmer wrote:
> Thanks for the responses.
>
> Okay, now another question. I think I know the answer (no) but I figured
> someone smarter than me may have figured out a workaround. Is there any
> way to have squid refuse to proxy local connections? I can do it from the
> client side without issue, but it would be easier to administer if it was
> centralized at the squid box. Any thoughts? I'm not doing transparent
> proxying, which would also make it fairly easy through redirect rules...
>
> -----Original Message-----
> From: Squid Support (Henrik Nordstrom) [mailto:hno@marasystems.com]
> Sent: Wednesday, May 15, 2002 5:23 AM
> To: Brian Palmer; 'squid-users@squid-cache.org'
> Subject: Re: [squid-users] A couple new problems
>
> On Tuesday 14 May 2002 22:38, Brian Palmer wrote:
> > Hi folks,
> > Been using squid happily for about a year now, but I've run
> > across a couple issues that I can't seem to sort out. I've got a
> > user that needs to connect to a website that uses NT CHAP
> > authentication. If the user goes through the proxy it just spits
> > back an authentication error without being prompted for a password.
> > Can Squid proxy CHAP? Didn't see anything in the FAQ regarding it
> > one way or the other.
>
> No, MS NTLM over HTTP cannot be proxied, not even by MS PROXY (or
> ISA) when being used as a HTTP proxy. This is due to a design flaw in
> the MS NTLM over HTTP protocol.
>
> Regards
> Henrik
Received on Wed May 15 2002 - 09:15:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:08 MST