Re: [squid-users] Authentication Prompt on one blocked acl

Steve Wilson Jr wrote:

>>-----Original Message-----
>>From: Chris Robertson [mailto:crobertson@gci.net]
>>Sent: Monday, May 22, 2006 7:12 PM
>>To: Squid List
>>Subject: Re: [squid-users] Authentication Prompt on one blocked acl
>>
>>Steve Wilson Jr wrote:
>>
>>>I'm using NTLM authentication and it works fine but I have an acl
>>>blocking browser regexp windows mediaplayer. Everytime I pull up a page
>>>with the media player embedded it prompts for authentication. Other than
>>
>>>that it never prompts. Any ideas?
>>>
>>>Steve Wilson Jr
>>>Loxias IT Solutions
>>>513-605-2726
>>>swilsonjr@loxias.com
>>>
>>>
>>>
>>
>>What does the http_access line that performs the block (and the related
>>ACL) look like?
>>
>>Chris
>>
>
>The acl:
>acl WMP browser -i Windows-Media-Player/*
>
>and the http_access list:
>http_access allow manager localhost
>http_access allow localhost
>http_access allow WhiteList
>http_access deny !ntlm
>
>
My guess would be that WMP is not providing authentication credentials
and is being blocked by this rule here. Move the WMP block above this
one, and see if that clears the problem.

>http_access deny Explicitly_denied
>http_access deny BlockExt
>http_access deny WMP
>http_access deny reqMIME
>http_access deny repMIME
>http_access deny Anonymous_Proxy
>http_access deny !Safe_Ports
>http_access deny CONNECT !SSL_ports
>http_access deny manager
>http_access allow Clients
>http_access deny all
>
>when something gets blocked by BlockExt or Explicitly denied there is no
>auth prompt. Is there something with the browser acl type?
>Thanks in advance for any help!
>
>
Otherwise, you might remove the http_access deny !ntlm, and change the
allow line to...

http_access allow ntlm Clients

...which will block the non-authenticated without a pop up prompt for
authentication.

Chris
Received on Tue May 23 2006 - 13:22:55 MDT