Re: [squid-users] SSL EDI Site issues

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 17 Dec 2008 14:19:36 +1300

Joseph L. Casale wrote:
> I am running squid-2.6.STABLE6-5.el5_1.3 on CentOS 5 with ntlm auth
> and all our mail and banking ssl sites are functioning except one
> site, messaging.covisint.com:443 that we do EDI with. I am getting:
> 192.168.0.146 TCP_DENIED/407 1859 CONNECT messaging.covisint.com:443 - NONE/- text/html
> in the access.log.
>
> I am reading http://squid.sourceforge.net/ntlm/client_proxy_protocol.html
> and I assume this is more to do with how the client application was coded,
> possibly it is not smart enough to retry enough times?
>
> Is there something from within Squid I can do rather than bypass the
> site in ie's proxy settings (which allow this application to function)
> as client side direct access to the net will soon be removed? maybe a
> rule for access to this url to not require auth and go straight to it?
>
> Thanks,
> jlc

Add this before the line that requires auth:

acl covisint dstdomain messaging.covisint.com
http_access allow CONNECT localnet covisint

Assuming that you have the localnet (local network ranges) and CONNECT
acls defined already.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
Received on Wed Dec 17 2008 - 01:19:39 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 17 2008 - 12:00:03 MST