> > Stephan wrote:
> >> Environment: squid/2.7.STABLE5 on win32.
> >> Auth against Windows ActiveDirectory with mswin_auth.exe
> >>
> >> I want to allow one https-URL for all networkuser.
> >> So i have added this ruleset:
> >>
> >> acl erlaubthttps dstdomain .domain.tld (where domain.tld is the URL i
> >> want to allow) http_access allow erlaubthttps
you must allow CONNECT method to .domain.tld, since proxying https means
using CONNECT requests.
> >> When i try to open this site i'll get the Username/Password prompt from
> >> squid.
> >>
> >> When i test ist with normal http-Sites my rule is correct but with https
> >> it wont work.
> On Fri, 20 Mar 2009 09:55:51 -0800, Chris Robertson <crobertson_at_gci.net>
> wrote:
> > Other http_access rules are interfering?
> > You aren't using the cache for HTTPS requests?
On 23.03.09 08:01, Stephan wrote:
> i don't think that i don't cache HTTPS requests.
The only way https can be cached is to use fake certificate, which most
(all?) browsers will notice and report, deny CONNECT requests and
intercept/deny all direct traffic. https is encrypted, which means that the
proxy does NOT know what you are requesting, it only can from
source/destination IP address, amount of data flowing and other indirect
informations.
> I don't have any rules for that.
>
> Other http_access rules are working!
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers.Received on Mon Mar 23 2009 - 10:39:36 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 23 2009 - 12:00:02 MDT