RE: [squid-users] ACL Regex Browser - for Adobe Web capture?

From: <mwestern@dont-contact.us>
Date: Fri, 11 Jul 2003 12:13:09 +0930

hehe. yep i mean basic. sorry.

ta for tcpdump.

interesting idea. i might put basic first and see if IE takes the best
option, not the last option in the list (if it makes a diference that is)
and then see if adobe takes the basic option. then i'll be set.

i'll follow it up with adobe anyway. what's a pain is i probably have to go
and find the license numbers and reg info just to log a bug. <sigh> these
closed source companies, i ask you.

thanks
Matt

-----Original Message-----
From: Robert Collins [mailto:robertc@squid-cache.org]
Sent: Friday, 11 July 2003 11:55 AM
To: mwestern@sola.com.au
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] ACL Regex Browser - for Adobe Web capture?

On Fri, 2003-07-11 at 12:03, mwestern@sola.com.au wrote:
> Hi Robert,
>
> >you can simply allow adobe based on a browser regex before your auth
> >triggering http_access lines.
>
> that's what i'm hoping to do to get around this problem. have you managed
> to do this? i've not experimented yet as i didn't know what adobe tells
> squid what browser it is. i'm going to tcpdump eventually and see if i
can
> figure it out.

Yup. tcpdump -s 1500 -X port 8080 host <srcip you are testing from>

that should do it for you.

> >As far as the adobe tool working with plain, not when NTLM is enabled,
> >that smells like a bug - RFC 2617 specifies that user agents should
> >select the -best supported- auth scheme offered by the proxy - and as
> >you have plain enabled, adobe should select that and use it.
>
> just plain works with adobe. ntlm doesn't. and ntlm first and plain
second
> doesn't. sad that.

Uhm 'plain'? I presume you are referring to 'basic' - there is no such
scheme as plain.

> i'm guessing that adobe is selecting the best supported one which is ntlm
> and failing because it doesn't like it. it's version 5 of pdf which isn't
> the latest (6 is out).

Thats the point - if it doesn't like NTLM, it shouldn't select it
according to the RFC. This is grounds for a bug report to the vendor -
adobe- IMO. I was giving you the description, to help you make the case
to them :}.

Anecdotally MSIE has(perhaps had - I haven't tested for a while) a bug
that it always chooses the first offered scheme, even if it is less
secure than others in the list.

Rob

-- 
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
Received on Thu Jul 10 2003 - 20:31:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:56 MST