[squid-users] Help proxying Sun Java while using 'ident required'

From: Brian E. Conklin <bconklin@dont-contact.us>
Date: Mon, 10 Jan 2005 11:14:18 -0800

Hello,
        I am having an issue with the Sun Java VM and Squid. Squid won't
proxy any applets running in a browser while our 'ident required' ACL is
active. If I deactivate the 'ident required' ACL, the applets work fine in
the Sun Java VM. However, if I switch my browser to use Microsoft's Java VM,
the applets work correctly with the 'ident required' ACL active.

Here is the applicable portion of my ACL:

acl mgh src 172.31.192.0/255.255.240.0 192.168.11.0/255.255.255.0
acl idents ident REQUIRED
acl SNMPpublic snmp_community public
acl 7Ato7P time 07:00-19:00
acl ICU7Ato7PPCs src 172.31.195.138
acl JavaApplets url_regex -i \.Class \.loadClass java \.jar
acl JavaOctet-Stream req_mime_type application/octet-stream
acl fw_outside src 66.119.204.11
acl jsStream req_mime_type application/x-javascript

snmp_access allow mgh SNMPpublic
http_access allow manager mgh
http_access deny ICU7Ato7PPCs !7Ato7P
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports !Safe_ports
http_access allow JavaApplets !idents
http_access allow JavaOctet-Stream !idents
http_access allow jsStream !idents
http_access allow mgh idents
http_access deny all !Server_IPs !fw_outside

The output of uname -a is:
FreeBSD fw.masongeneral.com 4.10-RELEASE-p1 FreeBSD 4.10-RELEASE-p1 #2: Wed Jun 30 08:23:12 PDT 2004 root@fw.masongeneral.com:/usr/obj/usr/src/sys/FIREWALL i386

The version of Squid I am running is:
Squid-2.5.6_10

Brian E. Conklin
Director of Information Services
Mason General Hospital
====================================
Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
====================================

Received on Mon Jan 10 2005 - 12:14:21 MST
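
To see which of the quoted http_access lines decides a given request, the following tracer (an added example, not code from the poster or from the Squid project) applies Squid's first-match rule order to the ident-related lines of the posted configuration. The sample requests are constructed, Server_IPs (which the message does not define) is assumed never to match, and the rules above the ident lines are left out.

```python
import ipaddress
import re

# ACL values copied from the message; the requests in SAMPLES are constructed.
MGH = [ipaddress.ip_network(n) for n in
       ("172.31.192.0/255.255.240.0", "192.168.11.0/255.255.255.0")]
JAVA = [re.compile(p, re.I) for p in (r"\.Class", r"\.loadClass", r"java", r"\.jar")]

def ctype(pattern):
    # req_mime_type is a regex match on the *request* Content-Type header.
    return lambda r: re.search(pattern, r.get("req_ctype", "")) is not None

ACLS = {
    "mgh": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in MGH),
    "idents": lambda r: bool(r.get("ident")),      # REQUIRED: any ident reply
    "JavaApplets": lambda r: any(p.search(r["url"]) for p in JAVA),
    "JavaOctet-Stream": ctype("application/octet-stream"),
    "jsStream": ctype("application/x-javascript"),
    "fw_outside": lambda r: r["src"] == "66.119.204.11",
    "Server_IPs": lambda r: False,   # assumption: ACL not shown in the message
    "all": lambda r: True,
}

RULES = [
    "http_access allow JavaApplets !idents",
    "http_access allow JavaOctet-Stream !idents",
    "http_access allow jsStream !idents",
    "http_access allow mgh idents",
    "http_access deny all !Server_IPs !fw_outside",
]

def decide(req):
    """Return (action, deciding rule): first rule whose ACLs all match wins."""
    for rule in RULES:
        _, action, *names = rule.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("allow" if action == "deny" else "deny"), "(default)"

SAMPLES = [  # constructed requests
    {"src": "172.31.195.10", "ident": "user1", "url": "http://example.com/"},
    {"src": "172.31.195.10", "url": "http://example.com/applet/Main.class"},
    {"src": "172.31.195.10", "url": "http://example.com/applet/data.cfg"},
    {"src": "66.119.204.11", "url": "http://example.com/"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.get("ident", "-"), s["url"], "->", *decide(s))
```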
